DocketPay (Payrix) Guide to PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for improving payment account data security. 

It was developed by the PCI Security Standards Council (PCI SSC) founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. 

It promotes consistent global data security measures. The standard aims to raise awareness and encourage best practices for handling sensitive information to reduce identity theft and fraud. Click here to learn more from Payrix.

Any business that accepts online payments must complete a PCI DSS Compliance assessment each year to verify that it follows secure practices to protect its customers' sensitive card data. By using a PCI DSS Compliant integration in Docket (DocketPay), we are able to verify the majority of security concerns on your behalf.

However, as with any secure system, there are things that our integration and software cannot handle on your behalf, like filling out your self-assessment questionnaire. That assessment needs to be completed every year and should only take you about 10 minutes to complete. 

We've created this guide to help you work through the PCI Compliance process. If you'd rather look at the full slide deck on its own instead of the slide-by-slide breakdown below, please click here.

Please Note: This guide will show/suggest example answers that are required to be PCI Compliant, but you should only use these example answers if they apply to your business and its practices. 

Before You Start

Here are a few things to know before you continue:

  • Your business owner should fill out the PCI DSS Compliance assessment.
  • You must register for the SaferPayments portal before you can log in to take the assessment. (Instructions are below.)
  • Our Support team cannot troubleshoot issues you may experience while registering for or using the SaferPayments portal. Please reach out to the SaferPayments team via 1-866-493-8756 or support@yoursecurejourney.com for help.

Why PCI DSS Compliance is Important

Any business that accepts online payments must complete a PCI DSS Compliance assessment each year to verify that they're following secure practices to protect their customers' sensitive card data.

This helps to:

  • Protect cardholder data.
  • Prevent data breaches.
  • Reduce fraud and identity theft.
  • Meet legal and regulatory requirements.

If your business is found to be non-compliant, you could be fined significantly for the duration of your non-compliance. 

Steps to PCI DSS Compliance

There are 5 steps to ensure your business is compliant and observing the 12 PCI DSS Requirements each year.

Each of the 5 steps is listed below with all of their related links. If you'd rather look at the full slide deck on its own and use the links from there, please click here.

1) Log Into the SaferPayments Portal

You may have received an email from Payrix that asks you to log into the SaferPayments portal to complete the PCI DSS compliance process. 

Payrix sends an email to its users as they near their annual compliance renewal, so if you haven't gotten that yet, you will when it's time for you to renew your compliance.

Click here to go to the SaferPayments portal and Register or Log In.

If this is the first time you're logging into the SaferPayments portal, you'll first need to click "Register" and create a profile. Then you'll be able to log in on the home page.

If you've already created a SaferPayments portal profile, you can log in using your previously created Username and Password. Use the "Forgot Password" link to reset your password, if needed.

2) Confirm Your Business Profile

After you're logged into the SaferPayments portal, you'll land on the home page.

Find the card titled 'Your Business Profile' and click the "Manage" button on it.

After you click "Manage" from the Your Business Profile card, you'll need to click "Re-profile" from the prompt that appears next.

The latest information for this year's PCI DSS will appear and you'll need to click "I Understand" to accept the terms.

You'll then be asked a series of questions about your business to confirm what type of Self-Assessment Questionnaire (SAQ) you'll need to fill out.

Please Note: You'll be given a couple of assessment methods at this point and we strongly suggest choosing the "Guide Me" option.

3) Qualify for SAQ A (Self-Assessment Questionnaire - Version "A")

The first question asks you "How do you accept payment cards?" 

It's very important to only select Online Payments as your answer. Since Payrix is an online payment processing system, all transactions are considered eCommerce (online) payments even if you take a payment over the phone or in person.


The second question asks you "How do you accept online e-commerce customer card payments?" 

You'll want to select the "My customers make online payments to my business via a website accessed using a web browser" answer because the other option doesn't apply to your business.


The third question asks you about other uses of card numbers in your business by you/your team. Because DocketPay securely transmits payment information through our integration, you can select 'No' for both questions that appear.

Please Note: If you or your team are sending, receiving, and/or saving clients' payment details via email, text message, USB flash drive, external hard drive, memory card, or any other insecure method, please stop immediately and delete the information. Handling card data this way exposes your business to all kinds of security issues and potential lawsuits if that data is breached.


The fourth question asks you about your company policy for information security. If you already have an Information Security Policy in place that covers all the PCI DSS requirements, select that option. If you don't already have a policy like this, select the "I do not have an Information Security Policy in place at the moment" answer and download the free policy.


The fifth question asks you for a brief summary of how and where you handle card payments. Some example answers are shown in the slide above. (To see a larger version of the slide, right-click the image above and choose 'Open image in new tab'.)

After you've submitted your answers, you'll see the home page again and it's time to complete the next step.

4) Pass the Security Assessment

If your business qualifies for the SAQ A (Self-Assessment Questionnaire - Version "A"), you'll see that displayed on the 'Your Business Profile' card and you'll only have to complete 2 self-assessment questions.

TIP: If you don't see "SAQ A" displayed on the 'Your Business Profile' card and/or there are more than 2 Unanswered Questions displayed on the 'Complete Security Assessment' card, please repeat Steps 2 and 3 above. You can also reach out to the SaferPayments team via 1-866-493-8756 or support@yoursecurejourney.com for more help.

To complete the self-assessment, click on "Begin Step" from the 'Your Next Step' banner at the top of your home page.


The first question asks you about Account Data Storage. DocketPay is a PCI secure integration and Payrix completes this maintenance task for you every day as part of their security policy.

Because you're using DocketPay, you can select "Yes" and enter today's date as the Compliance Maintenance Task date. 


The second question asks you about Strong Access Control Measures. Because you're using DocketPay to securely store cardholder data, you can select "N/A" and provide a short reason why.

We suggest using "We don't store cardholder data offline" as your reason.


After you've filled out all the necessary fields, click the "Confirm Your Attestation" button to submit the questionnaire.


Back on your home page you should see confirmation that you're compliant with this year's PCI DSS.

5) Save Your Login Information

PCI DSS compliance is only good for one year and you'll need to log back into the SaferPayments portal to do this again each year.

Because of this, we strongly recommend saving your login information somewhere secure if you haven't already. Doing so will make this yearly process much smoother for you in the future!

If you have any questions, please reach out to our Support team through the chat widget on the bottom right of this page or by sending an email to support@yourdocket.com!