What is PCI Compliance?
To comply with PCI, merchants who sign up for an EnrollsyPay account must complete a Self-Assessment Questionnaire (SAQ). After your account is approved, you should receive an email from Security Metrics, the service provider that TillPayments (the credit card merchant account provider) uses to ensure and assist with PCI compliance.
You will see a "Nonreceipt of PCI Validation" fee on your monthly statement if you never complete the PCI Compliance Verification Questionnaire.
This assessment and the other resources we share here will allow you to become PCI compliant. PCI compliance saves money and helps protect you from risk as a merchant accepting electronic payments.
Steps to Complete Questionnaire
Go to Security Metrics
Click the login button (TillPayments should have already created your account)
Use the email address you used as the primary contact email on the credit card merchant account application
Note: The application also asked whether you wanted a separate email address used for PCI compliance correspondence. If you provided one, it would have overridden the primary contact email.
If you forgot your password, you can reset it on the Security Metrics login page.
Having trouble knowing how to answer some questions? Click here to see a guide on how to complete the questionnaire.
Written Security Policy
The first question on the PCI Compliance Questionnaire pertains to a written security policy for P2PE. The Payment Card Industry (PCI) Security Standards Council created Point-to-Point Encryption (P2PE) as an encryption standard. It requires merchants' point-of-sale terminals to encrypt payment card data immediately after use. The data stays encrypted while it is transported securely, and the payment processor cannot decrypt it until it arrives for processing.
Since 2011, P2PE has been an official program of the PCI Standards Council. Using PCI-validated P2PE solutions is not mandatory, but complying with PCI Council standards reduces the P2PE Self-Assessment Questionnaire to 26 items.