PCI Compliance Tutorial - Virtual Terminal 1. Go to Pcicompliancemanager.com 2. If this is your first time click on First Sign-in (Note: If this is not your first time, login with your username And password you created). 3. Type in your Merchant ID Number (MID) 4. Type in the Verification letters as shown, then click register. 5. Under Personalize a. Username: i. New username: Your MID will be pre-populated already, do not change ii. Confirm username: Your MID will be pre-populated already, do not change b. Password: i. New password: Make the password Admin and the last 4 of your MID (i.e. Admin1234) ii. Confirm password: retype your password again 1 P a g e
c. Email Address: i. Email Address: Your default Email will be pre-populated ii. Confirm email Address: Retype in your email address d. Email Communication Preferences: i. English will be selected by default. 6. You will receive an email confirming the information you entered. a. Your Merchant ID number will be in the upper right-hand corner. b. You user name will be your Merchant ID number 2 P a g e
7. This we be an overview of your current progress. 8. Click 9. Customer Profile a. PCI Compliance Information i. Select No b. Payment acceptance Channel i. Select Face to Face 3 P a g e
c. Point of Sale Setup i. Select the Option Shown in the Picture Below d. Virtual Terminal i. Select Show Options 4 P a g e
ii. A pop-up will appear, Scroll to the bottom and select Other iii. Type in the box Constellation Payments iv. Click, the Pop-up will go away. v. Click e. Paper Records i. Select the option shown in the picture below f. Emailing Card Numbers i. Select the option shown in the picture below 5 P a g e
g. Other Uses For Card Numbers i. Select the option shown in the picture below h. Account Data Compromise i. Select the option shown in the picture below i. Relationships With Other Acquirers i. Select the option shown in the picture below j. Information Security Policy i. Select the option shown in the picture below k. Wireless Networks i. Select the option shown in the picture below 6 P a g e
10. PCI Correspondence Details a. Make sure all the prepopulated information is correct. b. Fill out all blank fields with an * c. Click 11. You will receive a pop-up stating Congratulations! You have just completed your PCI DSS Profile. Continue to Complete SAQ. 7 P a g e
12. Under 2 as shown below, Click on Complete SAQ 13. Build and Maintain a Secure Network and Systems a. Install And Maintain A Firewall Configuration To Protect Cardholder Data. i. (1.4a) Select ii. (1.4b) Select b. Do Not Use Vendor-Supplied Defaults For System Passwords And Other Security Parameters. i. (2.2.3) Select ii. (2.2.4a) Select 8 P a g e
iii. (2.2.4b) Select iv. (2.2.4c) Select v. (2.2.5A) Select vi. (2.2.5b) Select vii. (2.2.5c) Select 9 P a g e
14. Protect Cardholder Data i. (3.2c) Select (3.2.2) Select ii. (3.2.3) Select iii. (4.1b) Select iv. (4.1c) Select 10 P a g e
v. (4.1d) Select vi. (4.1e) Select 15. It should now say you have reviewed all unanswered questions a. Click 16. Maintain a Vulnerability Management Program a. (6.1) Select 11 P a g e
17. It should now say you have reviewed all unanswered questions a. Click 18. All Sections should be complete and you should see a green Checkmark with it saying Your Progress 74/74 on the upper right hand side of the screen (as shown below). 19. If necessessary keep clicking next until you have the option to select Finish. 12 P a g e
20. Click on Attest under section 2 21. Attestation a. Part 1. Merchant and Qualified Security Assessor Information i. Part 1A. Merchant Organization Information 1. Verify all of the information is correct in this section ii. Part 1B. Qualified Security Assessor Company Information (If Applicable) 1. This does not need to be filled out b. Part 2. Executive Summary i. Type of Merchant Business 1. Match the selections shown below 13 P a g e
ii. Description of Enviroment 1. Match the selections shown below iii. Third-Party Service providers 1. Match the selections shown below. 2. Under Description of Service Provided (Highlighted), type in Gateway & Merchant Processing Services iv. Description of Payment Card Business / Payment Applications 1. Nothing needs to be done here. 14 P a g e
v. Eligibility to Complete SAQ C-VT 1. Select all of the statements as shown below c. Part 3. PCI DSS Validation i. Part 3A. Acknowledgement of Status ii. Part 3B. Merchant Attestation 1. This section will have the current date Pre-Populated in it. Leave as is. 2. Click 15 P a g e
22. Everything is now completed and all three (3) section should have green checkmarks as shown below. 23. Printing your Certificate. a. Hover over PCI DSS b. Then select Profile c. A new screen will appear i. On the left hand side Select Validation Certificiate, this will automatically download your certificate that needs to be emailed to Support@csipay.com Congratulations! You have completed your PCI Compliance for 1 year. 16 P a g e