[intro]In this guide, you can learn all about PCI compliance and what you need to do for your EKM online shop. [/intro]
What is PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard. It was formulated by major payment brands and the PCI SSC (Payment Card Industry Security Standards Council) to reduce payment card fraud by increasing security controls concerning cardholder data. As an EKM online shop owner (merchant), you must ensure that your EKM online shop is PCI compliant.
Do I need to be PCI compliant?
Every business accepting, transmitting, processing and/or storing card information must be PCI compliant. How you become PCI Compliant depends on what systems and procedures your business uses to process payments.
What are PCI levels, and how are they determined?
PCI levels are a set of criteria created by the PCI SSC to determine the level of security measures that organisations must adhere to in order to protect sensitive payment card information. PCI levels are determined based on the volume of card transactions processed annually. You can read more about PCI levels by clicking here.
Is EKM PCI Compliant?
Yes, the EKM online shop platform is PCI compliant, but how you record this depends on what payment gateways you use on your EKM online shop.
EKMPay/ClearAccept
If you use EKMPay on your EKM online shop, you will have received an email about PCI Compliance and the PCI Portal. Provided that you use EKMPay/ClearAccept for all your payment processing, and depending on your annual processing volume, ClearAccept handles much of the compliance burden, greatly reduces your risk exposure and reduces your effort to validate compliance.
What do I get access to?
You’ll get access to the ClearAccept PCI Portal, which allows you to attest your compliance by completing the correct SAQ (Self Assessment Questionnaire) and uploading your ASV (Approved Scan Vendor) scans of your EKM online shop.
What’s an SAQ?
It’s a self-assessment questionnaire. You must complete one for each of your MIDs (Merchant Identifications). For example, if you have one EKM online shop using EKMPay, you’ll have one MID. If you have two EKM online shops using EKMPay, you’ll have two MIDs. There are different levels of SAQ, which you can read about here, and which one you need to complete depends on how your business operates payment systems. If you contact the PCI Compliance Validation Service team, they can advise you.
How do I know which SAQ to complete?
When you log into the ClearAccept PCI portal, you need to answer some initial questions about how you are accepting payments on a single EKM online shop. You will then be presented with only the questions you must answer in a single journey.
What happens if I don’t complete my SAQ?
Failure to comply with PCI DSS standards can result in fines, increased transaction fees, and reputational damage. In some cases, non-compliance can even lead to suspension or termination of your account with your payment processor.
What is an ASV?
ASV stands for Approved Scan Vendor. You must conduct a network scan of your EKM online shop using an Approved Scan Vendor and upload these scans to the ClearAccept PCI Portal every quarter.
How do I do a software/network scan?
A list of approved ASV providers can be found on the official PCI Security Standards Council website.
What do I need to do to prepare?
To prepare for submitting your Self Assessment Questionnaire, clearly document and map your cardholder data flows for each payment channel, including any processes that transmit, process or store cardholder information. In addition, ensure that you have completed the following:
- Conducting quarterly network scans by an Approved Scan Vendor (ASV).
- Implementing appropriate security measures to protect cardholder data.
- Ensuring all employees are trained in PCI compliance and understand their responsibilities.
[remember]
You can contact our PCI Compliance Validation Service team at 0333 996 1811. They are available Monday to Friday from 08:00 – 17:00.
[/remember]
How much does the ClearAccept PCI portal cost?
Using EKMPay and the EKMPay Virtual Terminal costs £5.99 per customer. That's less than £72 a year per SAQ to ensure you’re meeting your PCI requirements. If you use ClearAccept EPOS with your EKM online shop, the PCI Compliance Validation Service costs £5.99 per month per physical site/premises. The PCI Compliance Validation Service will guide you on which SAQs to complete.
I have multiple MIDs; how many do I need to complete?
Our PCI Compliance Validation Service will guide you on which SAQs you must complete based on your channels, sites, and processing setup.
Can you support me with my application?
Whilst ClearAccept is a PCI DSS Level 1 Service Provider, we are not Qualified Security Assessors, and as such, we can’t provide advice or attest to your compliance. A list of PCI Qualified Professionals, including QSAs and ASVs (Approved Scanning Vendors), can be found on the official PCI Security Standards Council website.
I’ve already completed an SAQ with another provider. Do I still need to do this?
Yes. If you’ve already completed your SAQ in the last 12 months in another portal, that’s great. Upload this same information to your new PCI Compliance Validation Service portal.
How do I get help with the portal?
You can contact our PCI Compliance Validation Service team at 0333 996 1811. They are available Monday to Friday from 08:00 – 17:00.
PayPal Checkout
If you use PayPal Checkout on your EKM online shop, you must still complete your annual SAQ (Self Assessment Questionnaire). You can find out more by clicking here.
Paytriot
If you use Paytriot on your EKM online shop, you must contact them directly to discuss what you need to do to ensure that your EKM online shop is PCI Compliant. You can contact them on this page.
NoChex
If you use NoChex on your EKM online shop, you need to visit this page.
Klarna
If you have Klarna installed on your EKM online shop, you need to click here.
LayBuy
If you use LayBuy as a payment gateway on your EKM online shop, visit this page.