
PCI for Online Ordering

Introduction

What is PCI?

Payment Card Industry Data Security Standards (PCI DSS) compliance is mandated by credit card companies and the payment network to help ensure the security of credit card transactions and cardholder data. It exists to protect cardholders from having their sensitive card data stolen and subsequently used without their consent.

Are we required to complete this?

Even if you do not actively accept card payments, this PCI questionnaire is required.

What is the benefit or cost?

PCI questionnaires that are left uncompleted are fined by the card network and processor. The current processor fee is $39.95/mo. This fee is $0 with a completed PCI questionnaire.


Overview

This guide will assist you with the login and profile questions for your business. This form will not provide answers to the questionnaire and only the merchant can complete the questionnaire. We are not authorized to complete this questionnaire for you and this is not legal or compliance advice. 

You should expect this form to take about 45-90 minutes to complete.

This applies if you're using any of the following products:
  • Integrated Point-of-Sale
  • E-Commerce Website (fully/partially developed by yourself or third-party developer)

Step-by-Step PCI Guide:

Step 1 - Login to MX Merchant

You must use the Google Chrome web browser. Other web browsers are not fully supported for all features and may cause technical issues. 

Then, login using your existing username and password. If you forgot your password, click the "Forgot Password" link to have a reset process emailed to you.

If you forgot your username or are having another issue/error, please contact us for assistance.

If you do not have credentials for mxmerchant.com, please contact us for assistance.


Step 2 - Select Business Merchant ID

If you only have one location, skip to Step 3.


Please note: Many merchants have both an in-person, “Brick & Mortar” account as well as an online, “e-Commerce” account. Ensure you have the proper account selected before you begin.

If you have more than one ID/location, verify you are connected to the right account. You may have to edit your "Location".

  • To do this, select the  image.png  in the top right-hand corner.
  • Select "Edit" next to "Location". A pop-up will appear. Search for the correct location by name.
  • Select the checkbox next to the correct location and hit "Save". 

Step 3 - Enable PCI Application

  • In the left-hand menu, select image.png. A grid layout will appear.

  • Navigate to the app titled "Sysnet Global Solutions". On the app, in the lower right-hand corner, select image.png.

Sysnet is a third-party PCI Compliance vendor that supports the PCI compliance process on behalf of payment processors. 

  • An activation confirmation message will appear. Select "OK".

A green bar will appear at the top of your web browser window confirming the app has successfully been activated. 

On the app, you should now see the image.png button where the image.png button was before. This means the app is now activated. 

Step 4 - Create Your Account

The application has been activated, but you must create an account. For security, you will be required to re-login after creating your account for the first time.

Hover over the Sysnet app with your mouse.


Click image.png. You will be redirected to a webpage at https://pciprotection.com


  • Create a username and password by selecting "Register" and following the prompts. 


    A pop-up confirming you are integrating your compliance into your online portal will appear. 

  • Select "Allow". 
    You will be redirected back to the "Apps" page of your MX Merchant account.




Like before, hover over the Sysnet app with your mouse. Click image.png.

Alternatively, you can navigate to: pciprotection.com.


Step 5 - Complete Your Compliance

Your dashboard will show “Not compliant” and three boxes for:

  1. Your Business Profile
  2. Be Scan Compliant
  3. Complete Security Assessment

You'll start with the business profile.

Step 6 - Business Profile: SAQ-A

Correctly answering the business profile is critical. The wrong profile will alter your Security Assessment and make it inaccurate.

The following outlines the questions for a business profile of SAQ-A. This is PCI DSS' simplest classification and applies to customers that are using EVPay.

If you are using an on-premise payment terminal such as a card reader or Point-of-Sale that is connected to your EVPay Merchant ID (MID), this SAQ-A will not apply to you. Please contact us for assistance.

  • Complete the SAQ-A Business Profile Q&A:

    Answer the questions:

Q: Does your organization provide payment related services, have access to credit card information for another company's customers, or provide services that could impact the security of credit card information for another organization?


A: No

Q. Select your processing method:

A. Check "Pay by Link"

If you are on Sail:
A. MX Merchant Gateway

If you are on Focus:
A. Authorize.net Gateway

Q. Does your business electronically store credit card numbers?
A. No

Do not keep credit card information in electronic files unless you have a compelling business reason to store the information. In most cases, you will reduce the level of effort required to comply with the PCI standard if you do not electronically store credit card numbers after authorization.

A. No

Q. Do you agree with the above statements?

A. Yes

Q. Your company policy for information security

A. I already have an Information Security Policy in place that covers ALL of the relevant clauses of the Payment Card Industry Data Security Standard (PCI DSS)

Q. All media (electronic and hard copy) is physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes), as listed below:

A. Yes

Q. All of the proper controls are in place as listed, to ensure that only those who need access are granted such access:

A. Yes

Q. All requirements involving service providers, as listed, are being met

A. Yes

Q. All password standards are followed as listed

A. Yes

Q. All software and related system components are kept patched and updated, as listed, in order to provide protection from attack:

A. Yes

Q. Do you enforce a minimum password length of seven characters, containing both numeric and alphabetic characters, for user accounts on all POS devices, computers and systems in your business?

A. Yes


  • You will be asked to validate your questions on an "Eligibility" Page. Your Eligibility should be assigned the "SAQ-A" type. If it is not, then there is an error with the Business Profile answers submitted.

If the resulting SAQ bullet points do not match your business, please contact us for assistance.


Step 7 - Security Assessment


Complete the "Security Assessment" by answering all questions accurately and honestly.

The questionnaire CANNOT be passed without answering "yes" to all questions. There is a dropdown at the top of the page to filter questions which have not been answered "yes". If you require additional information to support these questions, the PCI Protection website includes a support line (which is not INGAGE) that can assist you.


The basic SAQ-A profile means that your business does not directly handle cardholder data or Sensitive Authentication Data (SAD) which means the Security Assessment may have questions that do not apply to you. If you select "N/A" on an answer it will require a short response. A simple response such as "This does not apply to us" will suffice.

If the resulting SAQ bullet points do not match your business, please email us to review together: support@ingageipayments.com

Move on to the next step. Select the logo or "Home" button if needed. 

Step 7 - PCI Scan

Under the "Be scan compliant" section, select "Manage".

Select "Schedule scan". 

Your IP address will populate in the gray bubble. If you are at the location of the business, this is the business' IP address. 

If you are not at the business, you must get the local IP address from the business. This can be done by searching Google for "What is my IP address".

For "Scan Date", enter today's date. You can also set it for any time in the near future.

Scans can take 24-72 hours to run.

Set "Load Balancer?" to "No".

Under "Sysnet access", check the box at the bottom and select "Schedule Scan". 


Step 8 - Download Attestation of Compliance

Under "Complete security assessment", select "Manage".

Follow the prompts. Select "Click to start your questionnaire".

The last question requires our scan to be done and passed.

All other questions are the responsibility of the merchant and must be answered according to the business’ unique handling of processing and policies. You will receive an opportunity to change your answers at the end. Once passed, you will have a copy of your certificate available for download.

A green checkmark with "You're Compliant" should appear.

Merchants will be required to answer "yes" to all questions in order to pass! This is to certify that the questions regarding compliance and security are true for your business. Please answer honestly.

There is a toggle at the top of the page that allows you to sort your “yes” and “no” answers. This is to allow you to look through those questions that you answered “no” to, to update your business processes or policies and return to the page to mark them as “yes”.

You will not be allowed to submit your questionnaire if all answers are not marked as “yes”.

Additional help resources are available on the Sysnet website. Additionally, the phone number for Sysnet support is located on the website screen in the upper right hand corner and is available for your use. A PCI compliance expert can assist you with questionnaire answers.

Unfortunately, as your Qualified Integrator Reseller (QIR) we cannot answer these questions for you and we encourage all businesses to answer the questions thoroughly and honestly.

Step 9 - Confirm Scan and Finish Questionnaire

Sysnet will send you an email confirming your scan PASS or FAIL. It will go to the email on file (used earlier). Please check junk/spam as these emails are automated.

If your scan is a FAIL – call our support team at (612)-861-5277 or email us at support@ingageit.com. Our I.T. support group will need to review your network and scan results to assist you. You will need to follow their direction and proceed with another scan.

If your scan is a PASS – log back into Sysnet and complete the final question of the questionnaire. This is the last step for compliance for the year. You may download a copy of your compliance certificate by selecting "DOWNLOAD AOC" (Attestation of Compliance).

If the above Business Profile resulted in your SAQ-A classification then the "Scan" section which first appeared in the middle of the page should no longer be visible as it does not apply to you. If you are still required to complete the scan after successfully completing the business profile and self-assessment as described above, please contact us for assistance.

There are no further steps: Congratulations on completing your PCI attestation!




Need Help?


If you have any questions with this guide or need other payment-related support, please email us at payments@ingageit.com.

Thank you!