
PCI for B2B

Introduction

Payment card industry (PCI) compliance is mandated by credit card companies to help ensure the security of credit card transactions in the payments industry. It exists to protect cardholders from having their sensitive card data stolen and subsequently used without their consent.

As a merchant who is qualified to accept card payments, you must attest to your compliance, regardless of how much or how often you accept credit cards, even if not at all!

This guide will assist you with the login and profile questions for your business. This form will not provide answers to the questionnaire, and only the merchant can complete the questionnaire. We are not authorized to complete this questionnaire for you, and this is not legal or compliance advice.

You should expect this form to take about 45-90 minutes to complete.

This applies if you're using any of the following products:
  • Integrated Point-of-Sale
  • E-Commerce Website (fully/partially developed by yourself or third-party developer)

Step-by-Step Guide:

Step 1 - Log in to MX Merchant

You must use the Google Chrome web browser. Other web browsers are not fully supported for all features and may cause technical issues.

Then, log in using your existing username and password. If you forgot your password, click the "Forgot Password" link to reset it. If you forgot your username or are having another issue/error, call or email us.


Step 2 - Select Location

If you only have one location, skip to Step 3.

If you have more than one location, verify you are connected to the right account. You may have to edit your "Location". To do this, select the [image] in the top right-hand corner. Select "Edit" next to "Location". A pop-up will appear. Search for the correct location by name. Select the checkbox next to the correct location and hit "Save".

Please note that many merchants have both an in-person, “Brick & Mortar” account as well as an online, “e-Commerce” account. Ensure you have the proper account selected before you begin.

Step 3 - Enable Application

In the left-hand menu, select [image]. A grid layout will appear.

Navigate to the app titled "Sysnet Global Solutions". On the app, in the lower right-hand corner, select [image].

An activation confirmation message will appear. Select "OK".

A green bar will appear at the top of your web browser window confirming the app has successfully been activated.

On the app, you should now see the [image] button where the [image] button was before. This means the app is now activated.

Step 4 - Create Your Account

The application has been activated, but you must create an account. For security, you will be required to log in again after creating your account for the first time.

Hover over the Sysnet app with your mouse. Click [image]. You will be redirected to a webpage at https://pciprotection.com.

Create a username and password by selecting "Register" and following the prompts. 

A pop-up confirming you are integrating your compliance into your online portal will appear. Select "Allow". You will be redirected back to the "Apps" page of your MX Merchant account.

Like before, hover over the Sysnet app with your mouse. Click [image].

Step 5 - Complete Your Compliance

Your dashboard will show “Not compliant” and three boxes for:

  1. Your Business Profile
  2. Be Scan Compliant
  3. Complete Security Assessment

You'll start with the business profile. Correctly answering the business profile is critical – if the wrong profile is selected, your security assessment or “questionnaire” will not be accurate to your business. 

Step 6 - Business Profile: SAQ-A

Answer the questions:

Q. Does your organization provide payment related services, have access to credit card information for another company's customers, or provide services that could impact the security of credit card information for another organization?

A. No

 

Q. Select your processing method:

A. Check "Pay by Link"

 

A. MX Merchant Gateway

 

Q. Does your business electronically store credit card numbers?

Do not keep credit card information in electronic files unless you have a compelling business reason to store the information. In most cases, you will reduce the level of effort required to comply with the PCI standard if you do not electronically store credit card numbers after authorization.

A. No

 

Q. Do you agree with the above statements?

A. Yes

 

Q. Your company policy for information security

A. I already have an Information Security Policy in place that covers ALL of the relevant clauses of the Payment Card Industry Data Security Standard (PCI DSS)

 

Q. All media (electronic and hard copy) is physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes), as listed below:

A. Yes

 

Q. All of the proper controls are in place as listed, to ensure that only those who need access are granted such access:

A. Yes

 

Q. All requirements involving service providers, as listed, are being met

A. Yes

 

Q. All password standards are followed as listed

A. Yes

 

Q. All software and related system components are kept patched and updated, as listed, in order to provide protection from attack:

A. Yes

 

Q. Do you enforce a minimum password length of seven characters, containing both numeric and alphabetic characters, for user accounts on all POS devices, computers and systems in your business?

A. Yes

The rest is to "Answer all questions accurately and honestly." The questionnaire CANNOT be passed without answering "yes" to all questions. The basic SAQ-A profile means that your business does not directly handle cardholder data or Sensitive Authentication Data (SAD), which means the questionnaires may also not apply to you. If you select "N/A" on an answer, it will require a short reply, such as "SAD does not apply to us". This answer does not need to be complex.