Overview
What is PCI?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
To get to your PCI compliance Portal, supported by Secure Trust:
Log in to your Cardpointe Merchant Portal
Using your navigation bar at the top, select My Account
On the account sub tab, find and select the Not Compliant hyperlink to open the Secure Trust Portal.
Creating Your Business Profile
Before you can review your Secure Trust Portal and complete your Compliance Survey, you'll need to create your business profile.
Please enter your Contact Email, Contact Name, Mobile Number and select your Language Preference. If you wish, you can also add an additional contact email.
Once all items are entered, select Next.
On the following page, select Start Business Profile
On the Before You Begin page, select Next to continue
On the Pick an Assessment Method page, choose Expert
Then select Next to continue
On the following page, please select No for both questions to be sorted into the correct Survey type.
Then select Next to continue
For Password Policy select Yes
Then select Next to continue
It will then ask about Third Party Managed System Service Providers.
Select No for both of these.
On the A summary of how and where you handle card payments page, please answer these questions according to your business type.
The first question should be answered with your type of Retail location. For example, Salon, Spa, Grooming Salon, Recreation Facility, Veterinary Clinic or Tattoo Salon.
For the second question, enter your type of Card Processing Device. For example, Clover Flex or Clover Mini.
The last question should be answered with what industry you are in. Common examples are Spa, Vet, Pet, Salon, Recreation, Tattoo, etc.
Completing Your PCI Questionnaire
Failure to complete your PCI Compliance within 60 days of your account being approved will result in an additional fee placed on your merchant statement.
After completing these questions, you will be taken to your Secure Trust Portal.
Under ‘Your Business Profile’ make sure that SAQ type P2PE is displayed.
Once you have confirmed the correct SAQ type has been selected, click Begin Step under the Complete your Security Assessment section.
If the SAQ type is not P2PE, select manage, Re-profile, and follow the steps above (under Creating Your Business Profile) to re-sort your business type to the correct SAQ.
After selecting Begin Step, you will be taken to your Compliance Survey.
Depending on your industry, there will be approximately 15-25 questions.
As you complete questions, they will clear from the form. Your section progress is located on the right of the screen.
You may see a question that asks you to fill in the “Completion Date”. For your first time completing PCI compliance, please make sure to fill in the current date. Then answer any remaining questions.
Please note, to become compliant you will need to answer Yes to each question.
The final step is to Confirm Your Compliance.
Under Your Organization Information Details enter your Title. Typical answers are Owner, Manager, or Co-Owner.
Under the section Merchant Executive Officer, again enter your Title and name.
Lastly, under Information for Submission select Confirm your Attestation.
Once confirmed, you will be taken back to the main menu, where you will see “You’re Compliant”.
You can download the Attestation of Compliance (AOC) document by clicking on DOWNLOAD AOC from the dashboard once PCI compliance has been completed.
Congratulations, your survey is complete! Please see below for important FAQs.
FAQs
Q. How often does the PCI survey need to be completed?
A. Your PCI compliance is applicable for a full calendar year from the date of completion (Ex. if completion date is 1/1/2024, it will expire 1/1/2025 and will need to be resubmitted).
Q. How can I receive a notification when I need to become compliant again?
A. You can select to receive an email when you become Non-Compliant again from your notification configuration under your Dashboard. For additional support, check out this article.
Q. My SAQ type isn’t P2PE, what should I do?
A. To re-sort your business profile into the right SAQ, select the manage button on your business profile section. Follow the guide above, making sure your correct industry and device type have been entered. If you are still sorted incorrectly, please give our support team a call.
Q. What happens if I do not complete my PCI Compliance?
A. Failure to complete your PCI Compliance within 60 days of your account being approved will result in an additional fee placed on your merchant statement. Please note, refunds for these fees typically cannot be provided. As always, contact support if you have any issue at all completing your PCI compliance.