Below is a list of our most frequently asked questions related to PCI Compliance. If you don’t see an answer below, please email us or call our office: 800-261-3173.
General PCI Questions
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) was established in 2006 by the major card brands (Visa, MasterCard, American Express, Discover Financial Services, JCB International). All businesses that process, store, or transmit payment card data are required to implement the standard to prevent cardholder data theft. Your card-handling practices and processing environment determine which requirements of the PCI DSS apply to your business.
Who needs to become PCI Compliant?
All businesses that process, store or transmit payment card information are required to comply with the PCI DSS.
I do business online - do I still have to become PCI Compliant?
Yes. All business, e-commerce or otherwise, must maintain PCI Compliance.
How much does PCI Compliance Cost?
Absolutely nothing. Included in your partnership with Inspire Commerce are all the tools required to become PCI compliant with SecurityMetrics. All technical and account support is provided to you at zero cost!
Are there any fines or penalties associated with a non-compliant status?
If you fail to maintain a compliant status, a fee of $19.95 is added to your monthly statement. A non-compliant status also puts your business at increased risk for fraudulent activity.
Who is SecurityMetrics and why am I receiving emails from them?
SecurityMetrics is a leading provider and innovator in merchant data security and compliance for businesses worldwide. Inspire Commerce has partnered with their team to help your business meet all of the Payment Card Industry Data Security Standards (PCI-DSS) requirements.
Becoming PCI Compliant
What is required to become PCI Compliant?
We try to make PCI as painless a process as possible! To begin, simply visit our private SecurityMetrics login page and create an account (your business is already registered with Inspire Commerce, so the system will immediately recognize you). Once you are logged in, you will be guided through a short questionnaire. Some merchants only need to complete and pass this annual Self-Assessment Questionnaire (SAQ). If vulnerability scanning is required for your business, you must pass the scan(s) and SAQ before you are PCI compliant.
How can I tell if my business is compliant?
SecurityMetrics provides your business with an online compliance reporting center that helps you track your compliance progress. You receive a simple compliant or not compliant grade, compliance reports, scan reports, video tutorials, glossaries and other compliance assistance to help you achieve accurate compliance validation.
How often do I need to complete the questionnaire and vulnerability scan?
PCI Compliance is not a single event, but an ongoing process. As such, businesses are required to complete the SAQ and site scan every quarter. Inspire Commerce helps keep track of these deadlines for you, and always emails you when your renewal is coming up.
My shopping cart (Shopify, Chargify, etc.) is PCI Compliant. Do I still need to complete a site scan?
It depends. If your checkout page is hosted directly by Spotify or Chargify, (i.e., the URL where your customers enter their card data reads “shopify.mybusiness.com”) then, no. If, however, you personally host your own checkout page (so your URL reads “checkout.mybusines.com”) then yes, you must complete a site scan since confidential data is transmitted on your site.
What is a site vulnerability scan?
A site scan is a required component of many merchants’ PCI compliance process (especially e-commerce merchants). When a site scan is conducted, SecurityMetrics scans your website for external network vulnerabilities and web application development errors such as, security holes that could enable backdoors, buffer overflows, denial of service, and SQL injection issues specific to your website programming.
My site scan is failing, why?
There are many reasons why your scan could be failing. First, be sure that you’ve listed the correct URL to be scanned. This URL should be the one where customers enter in card data, not necessarily just your home page. For example, the difference between “shop.mybusiness.com” instead of “www.mybusiness.com”. If you’re sure you listed the appropriate URL, it is likely that SecurityMetrics has detected some critical holes in your site’s security. When this happen, a report is produced that details the issues and how to correct them.
How do I change the website address SecurityMetrics is scanning?
If you’d like to update the webpage SecurityMetrics scans or are not sure which URL to provide, please contact the SecurityMetrics support team at 801-705-5700.
Support and Contact Information
Who do I call for support?
You’ve got 2 support teams on your side for the entire PCI process. If you have basic questions about PCI DSS requirements or the SecurityMetrics service, shoot us an email at pci@inspirecommerce.com or call our office at 800-261-3173. If you need personal account support, such as help completing your SAQ or understanding your vulnerability scan results, please contact SecurityMetrics at 801-724-9600. They have a great team who can walk you through any questions that might come up.
I’m having difficulty completing the questionnaire- can you help?
Of course! Should you have any questions or difficulty while completing the questionnaire (SAQ), the SecurityMetrics team is there to support you 100% 24/7. Just give them a call at 801-705-5700.
How do I login?
Click on our PCI page to login to your account. Have your email and password ready for your account.
How do I find or reset my password?
On the login page you should see a “forgot password” link. Click here and you will be prompted to enter your email address. An email will be sent containing a link to reset your password. If you are having trouble with this email address, please call SecurityMetrics directly to have your account information updated.
I can’t find my Merchant ID
No problem. Your Merchant ID can be located at the top of your monthly statements. If you still can’t find it, shoot us an email at pci@inspirecommerce.com and we’ll help out!