PCI Compliance - A Quick Guide
The information in this article is for merchants using Helcim's Legacy System. If you signed up for Helcim on or after June 1, 2020, please click here.
As a Helcim merchant, you're provided access to the Sysnet PCI manager portal in order to complete your PCI compliance. Below is a quick guide on navigating this PCI portal to help smooth your compliance process.
STEP 1 - Login to Sysnet PCI Portal
To begin you will need to go to the Sysnet PCI Portal Login. In order to log in, you need to create an account on the Sysnet portal using your Elavon merchant ID. The Elavon merchant ID starts with an 801, 802 or 803 and can be found on the My Account portal under Merchant Accounts.
1) Click on First Sign-in
2) Fill out all the fields shown with a red arrow.
Please note: the username can be anything you want; it does not have to be your merchant ID number.
3) You will then be taken to the Getting Started page. Here, click Start business profile to continue.
STEP 2 - Fill Out Your Profile
You are then taken to the first question of your profile setup. Below are step-by-step guides for the most common PCI profiles. Please select the one that best applies to your business. These profiles may not be exact; however, they should help provide some general guidance. If you chose the wrong profile, don't worry: PCI level 4 is a self-assessment and you can reset your profile anytime:
- PCI SAQ A - Hosted Ecommerce (You use one of the following: hosted payment page, hosted shopping cart, Helcim.js)
- PCI SAQ B - Dial Terminal (You use a retail terminal connected through the dial line)
- PCI SAQ B-IP - Internet-Connected Terminal (You use a retail terminal connected through the ethernet line)
- PCI SAQ B-IP - 3G-Connected Terminal (You use a retail terminal connected through 3G cellular)
- PCI SAQ D - Mobile App (You use a mobile application)
- PCI SAQ C-VT - Virtual Terminal (You use a virtual terminal)
- PCI SAQ A-EP - Direct Gateway API (You use an HTTPS connection to the gateway via your code)
- PCI - Uploading Your Current Certificate (You have completed a PCI compliance questionnaire with another vendor and would like to upload your valid certificate)
STEP 3 - Complete the Self-Assessment Questionnaire
Once you have filled out your profile, you may begin the Self-Assessment Questionnaire by clicking Begin Step as shown below.
Please note: some businesses will be required to do a scan. If the system prompts you to Go to scan management, click HERE.
Self-Assessment Questionnaires (SAQ)
For small merchants (level 4), the PCI questionnaires are self-assessment. The questionnaires ask you YES or NO questions. Each merchant will see a different number of questions depending on their account type. Please remember that this is not a test. The purpose of the questionnaire is to self-evaluate each question and to make sure your business complies with it. You should make the necessary changes to your business so that you can answer yes to every question. Keep in mind that if any of the questions are answered “NO”, the end result of your status will be non-compliant.
There are multiple pages with questions; please make sure to go through all of them by clicking Next.
Please note: some businesses will be required to do a scan. If the system prompts you to Go to scan management, click HERE.
STEP 4 - Attestation
Once all the questions are answered, you are taken to the attestation page. Please click on Confirm your Attestation.
You should now see You're compliant in the top right-hand corner.
External Network Scans
Based on your business type, you may be required to scan your network on a quarterly basis. For e-commerce merchants with a direct API integration, you will need to scan your website URL using the portal's built-in scanner. For retail merchants using an IP network, you will need to scan your business IP address. To view how to schedule a scan, go to scan management by clicking HERE. Scans typically take 3-4 hours to complete.
Requirements Needed for PCI Compliance
Merchant Type | SAQ | # of Questions | Quarterly Scans | Pen Testing | Difficulty |
---|---|---|---|---|---|
Hosted Payment Page, Hosted Shopping Cart, Helcim.js | SAQ A | 7 | no | no | easy |
Terminal - Dial | SAQ B | 1 | no | no | easy |
Terminal - IP Internet | SAQ B-IP | 3 | yes | no | moderate |
Terminal - 3G Cellular | SAQ B-IP (3G) | 4 | no | no | easy |
Mobile App | SAQ D (mobile) | 66 | no | no | hard |
Virtual Terminal | SAQ C-VT | 27 | no | no | easy |
Direct API Gateway | SAQ A-EP | 183 | yes | yes | hard |
PCI compliance needs to be completed yearly. Notices are sent out when your compliance is about to expire.