Below is a list of our most frequently asked questions related to PCI Compliance. If you don’t see an answer below, please email us or call our office: 800-261-3173.
General PCI Questions
The Payment Card Industry Data Security Standard (PCI DSS) was established in 2006 by the major card brands (Visa, MasterCard, American Express, Discover Financial Services, JCB International). All businesses that process, store, or transmit payment card data are required to implement the standard to prevent cardholder data theft. Your card-handling practices and processing environment determine which requirements of the PCI DSS apply to your business.
All businesses that process, store or transmit payment card information are required to comply with the PCI DSS.
Yes. All businesses, e-commerce or otherwise, must maintain PCI Compliance.
Absolutely nothing. Included in your partnership with Inspire Commerce are all the tools required to become PCI compliant with SecurityMetrics. All technical and account support is provided to you at zero cost!
If you fail to maintain a compliant status, a fee of $19.95 is added to your monthly statement. A non-compliant status also puts your business at increased risk for fraudulent activity.
SecurityMetrics is a leading provider and innovator in merchant data security and compliance for businesses worldwide. Inspire Commerce has partnered with their team to help your business meet all of the Payment Card Industry Data Security Standards (PCI-DSS) requirements.
Becoming PCI Compliant
We try to make PCI as painless a process as possible! To begin, simply visit our private SecurityMetrics login page and create an account (your business is already registered with Inspire Commerce, so the system will immediately recognize you). Once you are logged in, you will be guided through a short questionnaire. Some merchants only need to complete and pass this annual Self-Assessment Questionnaire (SAQ). If vulnerability scanning is required for your business, you must pass the scan(s) and SAQ before you are PCI compliant.
SecurityMetrics provides your business with an online compliance reporting center that helps you track your compliance progress. You receive a simple compliant or not compliant grade, compliance reports, scan reports, video tutorials, glossaries and other compliance assistance to help you achieve accurate compliance validation.
PCI Compliance is not a single event, but an ongoing process. As such, businesses are required to complete the SAQ and site scan every quarter. Inspire Commerce helps keep track of these deadlines for you, and always emails you when your renewal is coming up.
My shopping cart (Shopify, Chargify, etc.) is PCI Compliant. Do I still need to complete a site scan?
It depends. If your checkout page is hosted directly by Shopify or Chargify (i.e., the URL where your customers enter their card data reads “shopify.mybusiness.com”), then no. If, however, you personally host your own checkout page (so your URL reads “checkout.mybusiness.com”), then yes, you must complete a site scan, since confidential data is transmitted on your site.
A site scan is a required component of many merchants’ PCI compliance process (especially e-commerce merchants). When a site scan is conducted, SecurityMetrics scans your website for external network vulnerabilities and web application development errors, such as security holes that could enable backdoors, buffer overflows, denial of service, and SQL injection issues specific to your website programming.
There are many reasons why your scan could be failing. First, be sure that you’ve listed the correct URL to be scanned. This URL should be the one where customers enter card data, not necessarily just your home page: for example, “shop.mybusiness.com” instead of “www.mybusiness.com”. If you’re sure you listed the appropriate URL, it is likely that SecurityMetrics has detected some critical holes in your site’s security. When this happens, a report is produced that details the issues and how to correct them.
If you’d like to update the webpage SecurityMetrics scans or are not sure which URL to provide, please contact the SecurityMetrics support team at 801-705-5700.
Support and Contact Information
You’ve got 2 support teams on your side for the entire PCI process. If you have basic questions about PCI DSS requirements or the SecurityMetrics service, shoot us an email at firstname.lastname@example.org or call our office at 800-261-3173. If you need personal account support, such as help completing your SAQ or understanding your vulnerability scan results, please contact SecurityMetrics at 801-724-9600. They have a great team who can walk you through any questions that might come up.
Of course! Should you have any questions or difficulty while completing the questionnaire (SAQ), the SecurityMetrics team is there to support you 100% 24/7. Just give them a call at 801-705-5700.
Click on our PCI page to log in to your account. Have the email and password for your account ready.
On the login page you should see a “forgot password” link. Click it and you will be prompted to enter your email address. An email will be sent containing a link to reset your password. If you are having trouble with this email address, please call SecurityMetrics directly to have your account information updated.