As PCI compliance is tied not only to the point-to-point encrypted solution that our software uses to process payments, but also to the ways merchants store and manage cardholder information, all merchants must attest to PCI compliance.
To help you with this, CenterEdge Payments partners with SecurityMetrics, a leading provider of data security and compliance, to streamline PCI compliance for merchants. You will fill out a PCI Self-Assessment Questionnaire (SAQ) to help you assess how you secure cardholder data to avoid compromise, which could lead to a security breach, fines, loss of processing, etc.
You will need to follow the steps below and as outlined in the emails you should have received to enroll and complete your compliance.
- Watch for emails from: firstname.lastname@example.org which contain the steps and links.
- Register on the SecurityMetrics website here and start the questionnaire.
- Select DataCap Net Epay, Express payment triPOS, or Authorize.net as your credit card processing method depending on your setup.
- Contact Support if you're not sure.
- Complete the PCI self-assessment questionnaire (SAQ) – it has 33 yes/no questions, and if your answers are all yes, you’re done!
- If you need help with the questions, see the PCI Compliance Guide.
- Call SecurityMetrics at (800) 557-4797 if you have any additional questions.
Complete this SAQ within 90 days to avoid a $25 monthly fee for Non-Receipt of Validation.
Who is SecurityMetrics?
SecurityMetrics is a global leader in merchant data security and compliance for all business sizes and merchant levels and has helped secure over 1 million payment systems. SecurityMetrics has been in the PCI industry since 2000.
Why do I need to be compliant?
To avoid a data breach: 43% of cyber-attacks target small businesses, and a breach could result in loss of revenue, fines, lawsuits and more. Compliance is also required to accept credit card payments.
Payment Card Industry (PCI) Data Security Standard (DSS) compliance is designed to protect businesses and their customers from credit card theft and fraud. All businesses or service providers that store, process, or transmit payment card data are required to comply with the data standard - regardless of business size or the amount of annual payment card transactions.
What happens if I am not PCI Compliant?
You run the risk of cyber-attacks, breaches of customer information, fines, penalties and disruption of card acceptance, and a $25.00 monthly non-compliance fee will be added to your processing account.
How do I become compliant?
SecurityMetrics sends merchants a series of emails for sign up. You create an account and complete the questionnaire.
How much does it cost me to do the questionnaire?
This service is free and includes a compliance dashboard from SecurityMetrics. Upon completion, you'll receive $100,000 in breach assistance.
How long do I have to complete the questionnaire?
You have 90 days from when your credit card processing account was opened to verify your compliance.
How often do I have to complete the questionnaire?
You will need to complete the questionnaire once a year, and SecurityMetrics will advise you by email when your PCI compliance is going to expire.
What should I know about the questionnaire?
There are 4 parts to this SAQ, and the sections are as follows:
- Policy: You will answer questions regarding training and documenting your security measures around your processing account.
- Physical access: You will answer questions on who has access to cardholder data and your POS system.
- Stored Data: You will answer questions on how you store and dispose of cardholder data.
- How you accept cards: You will list all your POS systems and processing providers.
Find more detailed information in the PCI Compliance Guide.
How many questions do I have to answer?
Our merchants are set up on the P2PE questionnaire, which has 33 questions that need to be answered, 3 of which SecurityMetrics has prefilled for you.
What do I do if I don’t know how to answer a question?
See the PCI Compliance Guide or call SecurityMetrics at (800) 557-4797 for help. They are available 24/7.
What should I do after I complete the questionnaire?
You do not need to do anything. Our provider can see your compliance status and certification via a SecurityMetrics partner portal. Once we see that you are compliant, we will print your certificate and have the fee removed from your processing account.
How do I know I passed?
SecurityMetrics will notify you that you passed, and a PCI certificate of compliance will be added to your SecurityMetrics account.
Why do I have to pay a $25.00 monthly fee?
You do not have to pay a monthly PCI fee if you complete the questionnaire and certify your compliance. The fee is set to offset any costs that may be incurred due to lack of PCI compliance.
Can I be refunded PCI non-compliance fees?
No, these fees are associated with your non-compliance and cannot be refunded after you become compliant. If you complete this within 90 days of opening your credit card processing account, no fee will be applied.
Is there any summary info on PCI?
Click here to see a summary of PCI SAQ Tips and Tricks. Keys to taking the PCI SAQ include:
- Know your cardholder environment – the way you process, store and transmit cardholder data.
- Use the SAQ as a roadmap to compliance and better security.
- Everything you need to know and do is in the SAQ.