If you use a payment processor to process payments through our system, you will need to complete an annual PCI compliance self-assessment questionnaire. These questionnaires ensure you understand your liability when processing payments. We've included a quick guide below on how to complete the questionnaire properly.
Note: The questionnaire takes approximately 15 minutes to complete.
Steps to get PCI Complaint
To get started, login to your CardPointe Portal. Click on My Account in the top menu. If you see an alert that your merchant account is not PCI compliant, click on Learn how to get compliant. This will take you to the SecureTrust portal. You can also access it directly by going to https://pci.securetrust.com/cardpointe.
Login to the SecureTrust Portal:
If it's your first time using the SecureTrust Portal, enter your Merchant ID in the first field, then enter the security code shown below in the second field. You will be prompted to create a username and password.
If you are a returning user, enter your SecureTrust Portal credentials to login.
Once you have logged in, you will start by creating a Business profile.
Click Next to proceed.
Select Expert as your assessment method. Then click Next to proceed.
Select Self Assessment Questionnaire (SAQ) A-EP. Then click Next to proceed.
Click No when asked whether your compliance assessment requires scanning. Then click Next to proceed.
Select No for both answers when asked if your company shared cardholder data or has a relationship with more than one acquirer. Then click Next to proceed.
You will need to provide a summary of how and where you handle credit card payments. We have provided some sample text to use as a starter.
List your business premises type(s) and a summary of locations that are relevant to your PCI DSS assessment (eg, retail outlets, corporate offices, data centers, call centers etc.)
We operate a service-based business from a single corporate office location. We do not have any retail outlet locations, call centers, or data centers.
Generally, how does your business store, process and/or transmit cardholder data?
Customer credit card data is captured and used for payment towards rendered services. Credit card data is entered directly into a third-party web/mobile application for transmission and processing. We do not save or store any credit card information within our business premise.
Briefly describe the environment and/or systems covered by this assessment.
We enter all credit card information into GPS Insight's Field Service Management platform (ServiceBridge). This system uses the CardConnect gateway to store and process all credit card transactions.
Once you have entered descriptions for all three questions click Next to proceed.
Once your questionnaire is complete, you will see the following page indicating that you are complaint.
Your new certification status may take up to 24 hours to display within the CardPointe portal.