PCI Compliance

Last Update: July 29th, 2024

What is PCI Compliance?

Payment card industry (PCI) compliance is mandated by credit card companies to help ensure the security of credit card transactions in the payments industry.

Who needs it?

Any business that transmits, stores, handles, or accepts credit card data, regardless of size or processing volume, must comply with the PCI DSS Standards. 

Who is responsible for it?

PCI compliance is an ongoing process, not a one-time effort. Merchants (the business owners) are responsible for the financial management of their business operations; that is, they are the decision makers responsible for delegating roles and responsibilities to facilitate financial and technical compliance as needed.

How do I get it?

Priority Payment Systems offers a free app, PCI Protection, that you can use to complete the certification.

What happens if I am not compliant?

Non-compliance can lead to many different consequences, such as monthly penalties, data breaches, legal action, damaged reputation, and even revenue loss. Under the Priority Payment Systems agreement, you will be charged a fee of $39.95 for each month of non-compliance.

How Do I Complete PCI Compliance?

Completing PCI Compliance

In order to remain PCI compliant, you must now complete quarterly scans. This is in addition to the annual questionnaire you have been completing.

These scans are crucial to ensure the ongoing security of your processing environment. Please note that the PCI requirement was mandated by the card brands Visa and Mastercard.

At the start of the compliance questionnaire, you must select your processing environment. If you are only using MyRec.com on the approved merchant account (defined below), your environment will be “Online / E-Commerce.” Please do not select other environments. If you are using the USB swiper, that does not qualify as “POS or Credit Card Terminal.” If you are using the software with an EMV Device, please email merchantservices@myrec.com for further instructions.

Scanning Options 

  1. Scan your department IP address (recommended) 
    1. This should be the option you select
    2. However, if your department has concluded that scanning the MyRec.com site is the preferred method, please see the instructions in the following section
  2. Scan the MyRec.com Site

Scanning the MyRec.com Site

If you choose to scan our site, please complete the following: 

  • URL for Scan: The URL to input is secure.myrecdept.com 
  • Scheduling the Scan: You will be presented with an option to schedule a scan
    •  Please do not schedule the scan, as our secure site will not permit it
      • You will need to do a manual scan
  • Manual/Upload Scan Update: Find the option for a manual/upload scan update
    • Once you have selected the manual option, use or download the secure scan report provided below

Important Details for Manual Upload 

When performing the manual upload, you may be asked for the following information:

  • Scan Type: External Vulnerability Scan
  • Document Date/Scan Date: Found on the provided document as the date the scan was completed
  • ASV Provider: MegaplanIT Holdings LLC

Completing the Scan 

After initiating the manual scan, it will take a few hours for the review and confirmation of the scan results.

Post-Scan Requirements 

Once your scan is approved, remember:

  • Quarterly Completion: You must complete this process every quarter, starting from the day your scan is approved
    • MyRec.com will update this article quarterly with the newest scan results
  • Compliance: Completing the scan does not automatically mean you are PCI compliant
    • Ensure you follow all steps requested by your processor and obtain your PCI certification as confirmation

Additional Notes 

MyRec.com does not require a copy of your PCI certificate

  • This is specific to your processor

Certification Importance: The PCI certificate is essential to indicate compliance and avoid penalty fees

 

Glossary 

Merchant Account: Your payment processor establishes a merchant account on your behalf to accept card payments from your customers. If your department uses MyRec.com as the payment processor, please follow the instructions above. If you use a 3rd party processor and you take payments using other methods on that approved merchant account (for example, your rec department uses MyRec.com but on that same account the town uses a different software to collect tax payments), please speak with your processor and PCI team to confirm you are taking the correct PCI questionnaire.