What is PCI DSS?
The primary purpose of the Payment Card Industry (PCI) Data Security Standard (DSS) is to ensure the secure handling and protection of customer credit card data, reducing the risk of data breaches and fraud.
What is PCI Toolkit?
The new PCI Toolkit portal enables you to create an account and complete the PCI Compliance Questionnaire within the portal. You will receive an email from do_not_reply@conformancetech.com with your login to the PCI Toolkit and the steps to complete your enrollment.
Important: The compliance questionnaire needs to be renewed annually to avoid the non-compliance fee.
What does the new PCI Toolkit mean, if you are currently PCI Compliant?
Your Attestation of Compliance (AOC) will carry over into PCI Toolkit. Program status, quarterly scans, and annual renewal of compliance will be completed through PCI Toolkit moving forward. Even if you are compliant, please make sure to set up your account as soon as possible so that you are aware of any upcoming requirements.
PCI Platform Fees of $5.95 will be assessed each month for access to the program and the associated resources, regardless of compliance status.
How will you use the PCI Toolkit portal, if you are not PCI Compliant?
You will use the PCI Toolkit portal to fill out the questionnaire and become compliant. If you are non-compliant, you will continue to be billed a monthly non-compliance fee until compliance is completed through the PCI Toolkit.
PCI Non-Compliance Fees of $59.95 will be assessed each month if you are non-compliant.
Risks of Non-Compliance include:
- Card fraud liability
- Significant chargeback risk
- Penalties, fines, and losses
- Lawsuits
- Inability to continue to process credit card payments
What does the process look like for setting up the PCI Toolkit?
- You will receive an automated enrollment email from: do_not_reply@conformancetech.com.
- Within this enrollment email, you will be prompted to activate your PCI Account.
- This will require you to create a new password, with your email address as the username.
Once your account is created successfully, you will need to follow the below steps:
- You will need to complete the Business Profile.
- This step ensures that you are provided with the correct Self-Assessment Questionnaire (SAQ) type for your business. (This step only needs to be completed during the initial setup.)
- If you are currently not PCI Compliant, you will need to complete the Questionnaire.
- The Questionnaire will ask you a series of questions related to your network, payment processing workflows and security. These questions will confirm that you are processing cardholder data securely.
- You will then be prompted to perform a network scan if you utilize a physical processing terminal.
- A quarterly network scan will be required if using a physical processing terminal.
- You will be prompted to attest to the results of the compliance questionnaire.
- Compliance will be valid for one year and needs to be renewed annually.
- You will achieve your Compliance certification.
From September 6, 2024, you will have 90 days to become compliant. If you do not become compliant within the 90 days, you will be charged a $59.95/month penalty for non-compliance.
Why is PCI Compliance important?
It is required by the card networks (Mastercard, Visa, etc.) in order to securely accept credit cards, and it affects anyone who transmits, stores, or processes cardholder data, including merchants, service providers, financial institutions, and POS vendors.