Frequently Asked Questions

Have a question? Look for the answer in our FAQ.

What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit payment card data do so securely.

What happens if I don’t become PCI compliant?

If your PCI compliance does not remain current, you will be assessed a non-compliance fee for each account.

Additionally, if you do not take steps to process securely, you are putting your business and customers at serious risk.

The average out-of-pocket cost for a data breach for small businesses (in 2014) was $36,000 and can easily reach or exceed $50,000.

Data breach costs include:

  • Forensic investigation of computer or point of sale systems: $10,000-$20,000
  • Reimbursement for fraudulent purchases made using breached information, as well as chargeback fees for those transactions
  • Replacement cards for breached accounts: $3-$10 per card
  • Card Association fines for non-compliance with the PCI Standard: up to $500,000
  • Loss of business reputation and customer loyalty
  • Potential loss of credit card acceptance (temporary or permanent).

How can I become PCI Compliant/What do I need to do to become PCI Compliant?

You can complete your compliance online by clicking the Log In Now button.

OR

You can contact SecurityMetrics PCI helpdesk specialists at 801-705-5606 to complete the process over the phone!

How do I login to my www.mypci.com account?

  1. Click on the "Log In Now" button
  2. Click on the "First Time Login" button
  3. Your username will be your Merchant Identification Number@mypci.com
    Example: 8788290123123@mypci.com
  4. You will receive an email from support@securitymetrics.com to set your password.

I already did this...

  • With another vendor:
    • We will apply any valid proof of compliance to your account. Please send your current certificate of compliance, or send your SAQ, and (if applicable) vulnerability scan(s) to SAQ@securitymetrics.com or fax to 801-623-5621.
  • Last year:
    • The PCI-DSS requires you to renew your compliance: Self-Assessment Questionnaires are valid for one (1) year; Vulnerability Scans (if applicable) are valid for 90 days.

I think you should do this for me/my last company did this

Compliance is about more than your equipment! Only you can accurately provide required information about your business policies, procedures, and environment.

Why am I required to do this?/Can I go with a company that won't make me do this?

No matter who you process with, or how you accept payment cards, PCI-DSS compliance is required. The standard was created by the major card brands Visa, MasterCard, Discover, AMEX, and JCB to help keep your business and your customers safe.

What is a Vulnerability scan?

  1. A vulnerability scan is a non-intrusive scan that remotely reviews networks and web applications. The scan looks for vulnerabilities in operating systems, services, and devices that could be used by hackers to target your card environment.
  2. The PCI-DSS stipulates that scans expire every 90 days; this helps ensure that the identification and resolution of security vulnerabilities is kept current.

If you need assistance completing your SAQ or vulnerability scan, please contact our experts at the SecurityMetrics PCI helpdesk: 801-785-5044

For all other inquiries, please contact customer service at 1-866-785-5044