What to Expect: Completing Your Compliance
- Your Username will be your Merchant Identification Number@mypci.com Example: email@example.com
- You will receive an email from firstname.lastname@example.org containing your temporary password.
- Once you are logged in for the first time, you will be asked to update your password and confirm some basic information about your account.
- Next, you will be asked a few questions about how you currently accept payment cards.
- Based on your answers, you will be assigned a Self-Assessment Questionnaire (SAQ).
*If a Vulnerability Scan is required you will be prompted to provide an I.P. address and/or domain name.
- The SAQ will contain more detailed questions regarding your policies, procedures, and processing environment.
- The number and complexity of the questions in the SAQ is dependent on your processing environment.
- Once you have completed the questionnaire you will be prompted to attest to your compliance.
- Your compliance information will be updated in all of our systems automatically! If required, your next vulnerability scans will be automatically scheduled to run every 90 days. *You will receive an email notification if the Scan does not automatically pass*
- To download a copy of your compliance information: Click on “Reports” [located in the menu on the left.]
If you need assistance completing your SAQ or vulnerability scan, please contact our experts at the SecurityMetrics PCI helpdesk: 801-705-5606
For all other inquiries, please contact customer service at 1-866-785-5044
What to Expect: Surviving a data security breach
- Notification: Once we are advised of a data security breach or suspected breach we will contact you via email from Violations@mypci.com. IT IS EXTREMELY IMPORTANT THAT ALL DEADLINES COMMUNICATED ARE ADHERED TO.
- The notification email will contain reporting, containment, and remediation deadlines, as well as forms to assist you in documenting containment and remediation efforts.
- Containment: You will be asked to begin the process of containing the compromise
- There are two primary areas of concern in containing a compromise: your computer network/payments acceptance solution, and your staff. You will need to make sure that controls are put in place in both areas to stop further compromise.
- We will work with you to ensure you have a processing solution during this process.
- Investigation: You will need to begin the investigation to determine what was affected, and when the compromise occurred.
- Remediate: Now that the data security breach has been contained and investigated, it is time to begin taking steps to correct any identified issues, and begin repairing damage.
- Assessment: Card Brands, and/or Acquirer may assess fines, fees, penalties, or assessments as a result of the data compromise.
We will be in regular communication to assist you through the process. For more detailed information, please see our "What to do if breached" guide.