
PCI Compliance for Sail/EMV/Swipe

Introduction

What is PCI?

Payment Card Industry Data Security Standards (PCI DSS) compliance is mandated by credit card companies and the payment network to ensure the security of credit card transactions and cardholder data. It exists to protect cardholders from having their sensitive card data stolen and subsequently used without their consent.


Are we required to complete this?

Even if you do not actively accept card payments, this PCI questionnaire is required.


What is the benefit or cost?

PCI questionnaires that are left uncompleted are fined by the card network and processor. The current processor fee is $39.95/mo. This fee is $0 with a completed PCI questionnaire.


Overview

This guide will assist you with the login and profile questions for your business. This form will not provide answers to the questionnaire and only the merchant can complete the questionnaire. We are not authorized to complete this questionnaire for you and this is not legal or compliance advice. 

Step-by-Step PCI Guide:

Step 1 - Log in to MX Merchant

You must use the Google Chrome web browser. Other web browsers are not fully supported for all features and may cause technical issues. 

If you forgot your password, click the "Forgot Password" link to have a reset process emailed to you.

If you forgot your username or are having another issue/error, please contact us for assistance.

If you do not have credentials for mxmerchant.com, please contact us for assistance.


Step 2 - Select Business Merchant ID

Please note: Many merchants have both an in-person, “Brick & Mortar” account as well as an online, “e-Commerce” account. Ensure you have the proper account selected before you begin.

If you have more than one ID/location, verify you are connected to the right account. You may have to edit your "Location".

  • To do this, select the [icon] in the top right-hand corner.
  • Select "Edit" next to "Location". A pop-up will appear. Search for the correct location by name.
  • Select the checkbox next to the correct location and hit "Save". 

Step 3 - Enable PCI Application

  • In the left-hand menu, select the [icon]. A grid layout will appear.
  • Navigate to the app titled "Sysnet Global Solutions". On the app, in the lower right-hand corner, select the [button].

Sysnet is a third-party PCI Compliance vendor that supports the PCI compliance process on behalf of payment processors. 

  • An activation confirmation message will appear. Select "OK".

A green bar will appear at the top of your web browser window confirming the app has successfully been activated. 

On the app, you should now see a new [button] where the previous [button] was before. This means the app is now activated.

Step 4 - Create Your Account

The application has been activated, but you must create an account. For security, you will be required to log in again after creating your account for the first time.

Hover over the Sysnet app with your mouse:


Click the [button]. You will be redirected to a webpage at https://pciprotection.com


  • Create a username and password by selecting "Register" and following the prompts.
    A pop-up confirming you are integrating your compliance into your online portal will appear. 
  • Select "Allow".
    You will be redirected back to the "Apps" page of your MX Merchant account.


As before, hover over the Sysnet app with your mouse. Click the [button].

Alternatively, you can navigate to: pciprotection.com.


Step 5 - Complete Your Compliance

Your dashboard will show “Not compliant” and three boxes for:

  1. Your Business Profile
  2. Be Scan Compliant
  3. Complete Security Assessment


You'll start with the business profile. Correctly answering the business profile is critical – if the wrong profile is selected, your security assessment or “questionnaire” will not be accurate to your business. 

 

Step 6 - Business Profile: SAQ-C

Under "Your business profile", select "Manage".

Follow the prompts. If you are using the integrated point-of-sale, complete the following:

Q: Payment related services: Does your organization provide payment related services, have access to credit card information for another company's customers, or provide services that could impact the security of credit card information for another organization?
A: No

Q: Select Your Processing Method
A: POS Terminal

Q: Your Point-to-Point Encryption system: Is your Point-of-Sale system a PCI SSC approved Point-to-Point Encryption (P2PE) hardware solution?
A: No

Q: Does your business electronically store credit card numbers?
A: No

Q: Third Party Managed System Service Providers: Do you have relationships with one or more third-party service providers that manage system components included in the scope of this assessment, for example, via network security control services, anti-malware services, security incident and event management (SIEM), contact and call centers, web-hosting services, and IaaS, PaaS, SaaS, and FaaS cloud provider?
A: Yes

Q: Managed system component providers: Your service providers. You can add a new one or remove if the existing one is incorrect.
A: INGAGE LLC

Q: Other Third Party Service Providers that may impact cardholder data security: Do you have relationships with one or more third-party service providers that could impact the security of the merchant’s cardholder data environment (CDE)? For example, vendors providing support via remote access, and/or bespoke software developers.
A: Yes

Q: Does your business use or allow any remote administrative access?
A: Yes

Q: Does your company have a wireless network connected to the cardholder data environment? 
A: Yes

Q: Do you agree with all of the above statements?
A: Yes

Q: Your company policy for information security
A: I already have an Information Security Policy in place that covers ALL of the relevant clauses of the Payment Card Industry Data Security Standard (PCI DSS)

Q: All policies and procedures involving the identification and tracking of devices relating to the cardholder data environment, as listed below, are followed: All policies and procedures involving the identification and tracking of devices relating to the cardholder data environment, as listed below, are followed
A: Yes

Q: Does your business electronically store credit card numbers?
A: No

Q: Does your business electronically store credit card numbers?
A: No

Step 8 - Download Attestation of Compliance


A green checkmark with "You're Compliant" should appear. You may download a copy of your compliance certificate by selecting "DOWNLOAD AOC" (Attestation of Compliance).

If the above Business Profile resulted in your SAQ-A classification, then the "Scan" section which first appeared in the middle of the page should no longer be visible, as it does not apply to you. If you are still required to complete the scan after successfully completing the business profile and self-assessment as described above, please contact us for assistance.

There are no further steps: Congratulations on completing your PCI attestation!




Need Help?


If you have any questions about this guide or need other payment-related support, please email us at payments@ingageit.com.

Thank you!