What to Expect

Completing Your Compliance

  1. Click "Log In Now" to the right and then click "Sign Up" on the next page. You will be asked to register an account by entering an email address and password of your choice.
  2. You will receive an email from support@securitymetrics.com containing your temporary password.
  3. Once you are logged in for the first time, you will be asked to update your password and confirm some basic information about your account.
  4. Next, you will be asked a few questions about how you currently accept payment cards.
  5. Based on your answers, you will be assigned a Self-Assessment Questionnaire (SAQ).
    *If a Vulnerability Scan is required you will be prompted to provide an I.P. address and/or domain name.
  6. The SAQ will contain more detailed questions regarding your policies, procedures, and processing environment.
    • The number and complexity of the questions in the SAQ is dependent on your processing environment.
  7. Once you have completed the questionnaire you will be prompted to attest to your compliance.
  8. Your compliance information will be updated in all of our systems automatically! If required, your next vulnerability scans will be automatically scheduled to run every 90 days. *You will receive an email notification if the Scan does not automatically pass*
  9. To download a copy of your compliance information: Click on “Reports” [located in the menu on the left.]

If you need assistance completing your SAQ or vulnerability scan, please contact our experts at the SecurityMetrics PCI helpdesk: 801-705-5606

For all other inquiries, please contact customer service at 1-866-785-5044

Surviving a data security breach

  1. Notification: Once we are advised of a data security breach or suspected breach we will contact you via email from Violations@mypci.com. IT IS EXTREMELY IMPORTANT THAT ALL DEADLINES COMMUNICATED ARE ADHERED TO.
    • The notification email will contain reporting, containment, and remediation deadlines, as well as forms to assist you in documenting containment and remediation efforts.
  2. Containment: You will be asked to begin the process of containing the compromise
    • There are two primary areas of concern in containing a compromise: your computer network/payments acceptance solution, and your staff. You will need to make sure that controls are put in place in both areas to stop further compromise.
    • We will work with you to ensure you have a processing solution during this process.
  3. Investigation: You will need to begin the investigation to determine what was affected, and when the compromise occurred.
  4. Remediate: Now that the data security breach has been contained and investigated, it is time to begin taking steps to correct any identified issues, and begin repairing damage.
  5. Assessment: Card Brands, and/or Acquirer may assess fines, fees, penalties, or assessments as a result of the data compromise.

We will be in regular communication to assist you through the process. For more detailed information, please see our "What to do if breached" guide.