What is PCI Compliance?
PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements designed to ensure that all businesses that accept, process, store, or transmit credit card information maintain a secure environment. As a Valpay merchant, maintaining PCI compliance is a requirement of your card processing agreement and helps protect your business and your customers from data breaches and fraud.
How Valpay Handles PCI Compliance
Valpay has partnered with Aperia to manage PCI compliance for all merchants. Aperia is a dedicated PCI compliance service provider that will guide merchants through their annual compliance requirements, including the Self-Assessment Questionnaire (SAQ) and any required vulnerability scans.
Enrollment: How Merchants Are Added to Aperia
Once a merchant is boarded through Valpay, they are automatically enrolled in the Aperia PCI compliance program. Aperia will create an account using the designated point of contact name and email address provided during the boarding process. Merchants can expect to receive their Aperia enrollment invitation within 5–7 business days of being boarded.
That contact will receive all PCI-related communications from Aperia, including:
Enrollment confirmation and portal access instructions
SAQ due date reminders and follow-up notices
Vulnerability scan notifications and results
Any other compliance-related alerts
Partners: If a merchant's point of contact or email address needs to be updated, please reach out to Valpay Support so we can update the record in Aperia. Note that portal access is for merchants only.
Accessing the Aperia Portal
Merchants can log in to the Aperia portal at any time to manage their PCI compliance:
Portal URL: https://www.pciapply.com/valpay
From the portal, merchants can:
Complete their Self-Assessment Questionnaire (SAQ)
View scan schedules and results
Access compliance documents (see Compliance Documents section below)
Track their overall compliance status
First-Time Login
If this is your first time logging in, select "First Time Logging In?" on the login page and enter the following:
Username or Merchant Number
Last four digits of the Tax ID or SSN of the authorized signer
Two-character state code and ZIP code associated with the merchant account
Self-Assessment Questionnaire (SAQ)
The SAQ is an annual compliance requirement for all merchants. It consists of a series of yes/no questions about how your business handles cardholder data. The type of SAQ a merchant completes may vary based on how they process payments.
What to Expect
Aperia will send an email reminder before your SAQ annual due date so you have time to complete it
If the SAQ is not completed on time, Aperia will send follow-up notifications
The SAQ must be completed through the Aperia portal
Need Help with the SAQ?
All SAQ-related questions should be directed to Aperia directly. Their support team is available by phone and will walk you through each question on the questionnaire. You can also reference the attached user guide below for step-by-step instructions.
When calling, please have your Merchant ID and the last four digits of your Tax ID on file ready. Use the following phone menu options:
Option 1 — Complete the SAQ
Option 2 — Complete the vulnerability scan
Option 3 — Billing inquiries (routes back to Valpay Support)
Region | Phone Number |
United States | 1-866-232-0910 |
Europe | 353-1-966-0950 |
United Kingdom | 44-161-509-5883 |
Australia | 61-8-6285-2680 |
Customer Service Hours: Monday – Friday, 7:00 AM – 7:00 PM CT (excluding holidays)
Vulnerability Scans
Depending on your merchant type and how you process payments, you may also be required to complete quarterly vulnerability scans as part of your PCI compliance. Aperia manages the scan process and will notify you by email:
When a scan is scheduled or initiated
When your scan results are available
If a scan fails and action is required
If you receive a failed scan notification, contact Aperia directly using the phone numbers above. Their team will guide you through the remediation steps needed to bring your account back into compliance.
Compliance Documents
Once your SAQ is completed and your compliance requirements are met, your official compliance documents will be available in the Aperia portal under Current Documents. From there you can download:
Certificate of Completion — confirms that your compliance requirements have been fulfilled
Attestation of Compliance (AOC) — the formal document used to demonstrate PCI DSS compliance to banks, partners, or other third parties
Any additional compliance documents applicable to your account
Quick Reference: Who to Contact
Question or Issue | Who to Contact |
Help completing the SAQ | Aperia (phone numbers above or via portal) |
Scan questions or failed scans | Aperia (phone numbers above or via portal) |
Portal login issues | Aperia (phone numbers above) |
Updating merchant point of contact info | Valpay Support |
Boarding or account setup questions | Valpay Support |
Contact Aperia
Portal: https://www.pciapply.com/valpay
Region | Phone Number |
United States | 1-866-232-0910 |
Europe | 353-1-966-0950 |
United Kingdom | 44-161-509-5883 |
Australia | 61-8-6285-2680 |
Customer Service Hours: Monday – Friday, 7:00 AM – 7:00 PM CT (excluding holidays)