Security Metrics PCI Questionnaire

In this Article

Filling out the Questionnaire

FAQ

Logging into Security Metrics and Filling out Questionnaire

1. Log into your Security Metrics account.
2. On the Dashboard, click on the Get Started message.
   
3. Click the Next button.
   
4. Enter your business address and phone number.
5. Click the Next button.
   
   

Scoping Process

The following questions will determine the specific PCI compliance questionnaire you need to complete. (This article uses a winery that processes payments solely through Commerce7 as an example).

1. If you do not process payments outside of Commerce7, then choose 'No'. 
2. If you have a website where Customers can purchase your products, choose 'Yes'. 
3. If you have a terminal (say, in your tasting room) that you use for processing, choose 'Yes'. 
   
   
4. Scroll down and choose whether you'd like to learn more about what Security Metrics has to offer and then choose the Next button.
   
5. You will be presented with a message indicating which form you are to fill out. 
   Click the Activate and Continue button.
   

Answering the Questions

1. Click the Begin button.
   
2. Policy Questions: Scroll down until you see the questions. Choose the applicable answers for your business. Note that if you do not choose 'In Place' or 'Not Applicable', you will not pass compliance. 
3. Click the Physical Address button to move to next page.
   
4. Physical Address Questions: Scroll down until you see the questions. Choose the applicable answers for your business. Note that if you do not choose 'In Place' or 'Not Applicable', you will not pass compliance. 
5. Click the Stored Data button to move to next page.
   
6. Stored Data Questions: Scroll down until you see the questions. Choose the applicable answers for your business. Note that if you do not choose 'In Place' or 'Not Applicable', you will not pass compliance. 
7. Click the Authentication button.
   
8. Authentication Questions: Scroll down until you see the questions. Choose the applicable answers for your business. Note that if you do not choose 'In Place' or 'Not Applicable', you will not pass compliance. 
9. Click the Security Configuration button.
   
10. Security Configuration Questions: Scroll down until you see the questions. Choose the applicable answers for your business. Note that if you do not choose 'In Place' or 'Not Applicable', you will not pass compliance.
11. Click the Secure Systems button.
    
12. Secure Systems Questions: Scroll down until you see the questions. Choose the applicable answers for your business. Note that if you do not choose 'In Place' or 'Not Applicable', you will not pass compliance.
13. Click the Testing Button.
    
14. Testing Questions: Scroll down until you see the questions. Choose the applicable answers for your business. Note that if you do not choose 'In Place' or 'Not Applicable', you will not pass compliance.
15. Click the Attest button. 
    
16. If everything is good, check the box and click the Submit button.
    
17. If you are compliant, then you will see the Congratulations screen and you're done!
    
18. If you are not compliant, please contact Security Metrics for further assistance. 
    Phone: 801.705.5700
    Email: support@securitymetrics.com

FAQ

1. Is the email / questionnaire from Security Metrics legitimate? Is it spam or phishing?
   It is legitimate. Please fill it out. After you have successfully completed the questionnaire, you will be charged a PCI Management fee per month. You will have 90 days to come into compliance to avoid the additional non-compliance fee.
2. What happens if I don't complete the questionnaire? 
   If you do not complete the questionnaire (even if your winery is compliant), an additional fee per month will be added on top of the PCI Management fee as a non-compliance fee. These fees vary based on a number of factors including volume, business history, etc.
3. Why do I have to fill out the questionnaire?
   PCI, or Payment Card Industry, includes major card brands like Visa, Mastercard, Discover, American Express, and JCB. They've set up comprehensive security rules, the PCI Data Security Standards (PCI DSS), to protect card info in transactions. Your participation is crucial as your software's payment solution (Commerce7), partnered with Fullsteam, helps gather and report compliance to these brands. As a card data handler, annual validation of adherence is necessary. You need to submit an Attestation of Compliance and complete a Self-Assessment Questionnaire. Quarterly scans are essential too, finding and addressing security gaps. 
4. Having issues with the questionnaire?
   Reach out to Security Metrics Support
   Phone: 801.705.5700
   Email: support@securitymetrics.com
5. How do I find my MID?
   You can find your MID under the Commerce7 Payments section of Settings > Payments.
   
   
   
   
6. When a client is newly onboarding with C7 Payments, when should they expect to get their email for the PCI questionnaire?
   7 days after their first batch has settled, the merchant account is picked up and provided to Security Metrics to be enrolled in PCI compliance. Once a successful transaction is processed through a MID, a daily task is triggered to pick up the transaction and add it to a queue in Security Metrics for boarding.
7. Who is receiving the email from Security Metrics?
   The welcome email from Security Metrics is sent to the primary contact who is listed on the merchant agreement (MA) with Fullsteam. Additional users can be set up and added as administrators by the merchant. The primary contact has the ability to validate their SecurityMetrics user account and then add other employees as administrators. Alternatively, you can inform Commerce7 Support about any additional individuals who need to be set up under the merchant's Security Metrics account.