PCI Compliance Instructions

Transcription

1 PCI Compliance Instructions 1. Access our website at and click Bridge Merchant 2. Click the Merchant PCI Compliance Program button, located at the bottom of the page

2 3. Enter Username (Merchant ID #) and Password in the login screen. The temporary password is the last five digits of the merchant number and the uppercase state abbreviation. For example, a merchant with MID# located in New York would have an initial temporary password of 67888NY. Once you are logged in, you will be required to enter your First and Last Name, change your password complete the security challenge information. 4. Click Continue on the following page.

3 5. Verify and complete the Merchant Information section 6. Select the appropriate Type of Business 7. Select NO for all questions in Part 3 and click continue.

4 8. Select NO for assistance in choosing the questionnaire and click Continue 9. Select the 4 th option for Questionnaire C and click continue

5 10. Select the appropriate Vendor, Application and Version that processes the credit cards. 11. Click Save and Continue 12. Review the eligibility items, check I agree that the statemens above are true. and click Continue. 13. Click Start Questionnaire and then Start Section. To be compliant you must take all necessary steps to ensure you meet each requirement and answer Yes to each question. If you have difficulty understanding any of the questions, mouse over the to see a Tip for that particular question. If you answer No, you must correct the deficiency and return to the questionnaire and change the answer to Yes. Any requirements deemed not applicable to your environment must be indicated with N/A. You must then specify why the question is not applicable.

6 14. Once all sections are complete with a PASS (shown below), click Continue to initiate the Network Scan. The PCI DSS requires that you test the security of your connection to the Internet. By selecting the Network Scan button below, another window will open taking you to the scan process using your Approved Scanning Vendor (ASV). Follow the steps to Schedule a Test of your IP address (es). If your scan (test) does not display as Submitted, then click on the Schedule a Test image, make sure your IP address (es) are entered, and click on submit. A window will display telling you the scan has been submitted. Scans are required quarterly (every 3 months). Please schedule a 90 day scan so that these scans will run automatically on the date chosen and will continue to ensure your compliance. A scan may take 24 hours or longer to complete, you will receive an with the results of your scan. If you have more than 1 IP address, click Add additional IP address(es).

7 15. Click Start New Scan in the new window. 16. Enter the scan information as shown below: Quarterly Scan Date will prefill with the current date. Your IP address should be prefilled. 17. Click Submit when compete. A scan may take 24 hours or longer to complete, so once initiated, you can return to this process daily to check the scan status by simply clicking on the Internet Scan button. This will return to the CGN scan process for remediation or full reporting. If you Fail the scan, return to the CGN site to view the technical report. This will inform you of items necessary to remediate prior to submitting your next scan.

8 Once you have met the Scan requirements by passing the scan, you must complete the PCI Compliance process by electronically signing the Attestation provided. 18. Review and Sign- All you are required to do is closely review the information and confirm that it is accurate by signing the form. You have completed your PCI compliance! You will be brought to a page where you can print a copy of the Self Assessment Questionnaire, Attestation and Compliance Certificate for your records. The Compliance Certificate must be renewed every year by completing the same process in answering the questionnaire. If you have any questions, please feel free to contact us: Bridge Merchant Services Office: EXT [email protected]