CardPointe PCI Compliance

A guide that details how to fill out the PCI Compliance form in the CardPointe Portal.

Check Your Compliance Status

Your PCI compliance can be checked at any time in your CardPointe account.

Log into your account (link here) and click on My Account. There will be a column on the left labeled PCI Status. You will see either Compliant or Not Compliant.

If you see Not Compliant, click on it, and accept the terms and conditions. You will then be prompted to start the process of becoming PCI compliant.

Fill in any missing account information, and then you will be able to start the PCI verification process.

Business Information

Read through the PCI DSS 4.0 update, check I Understand, and then click on Next. Answer the questions in the following way:

Choose an Assessment Method

Select the 1st option: Guide Me, and click Next.

Note: The questions you see depend on the answers you select, so some of the questions listed below may not appear during the process. Disregard any listed questions that are not needed for your PCI compliance.

Q: How do you accept payment cards?

A: Select whichever is applicable: Option 1. Face to Face; Option 2. Online Payments; Option 3. Mail and/or Telephone Orders.

Q: Can your customers make card payments via Pay by Link solution?

A: No

Q: How do you accept online e-commerce customer card payments?

A: 2nd option: My customers make online payments to my business via a mobile app downloaded to their own device from an App Store.

Q: Your mobile app payment processing?

A: 1st option: Mobile app supports native in-app payments and integrates my payment service provider’s Mobile SDK for Android and Apple devices.

Q: How you accept Card Payments?

A: I use an integrated/electronic POS system.

Q: Your mobile payment application?

A: Lavu

Q: Your Point-to-point Encryption system?

A: No

Q: Type of Payment Application

A: Third option: My company’s payment application has been written specifically for my company by a third party software development company.

Q: Payment Software Standard Validation

A: Yes

Q: Remote Access

A: No

Q: Printed papers receipts and reports

A: No

Q: Other uses of Card Numbers

A: Select both options as No

Q: Your company policy for information security.

A: 1st option: I do not have an Information Security Policy in place at the moment. (Download the Info Security Document from the far right of the selected option.)

Q: Password Policy 

A: Yes

Q: Your business environment?

A: Select in sequence: Yes, No, Yes, No, No, No, No

Q: Do you use an Internal Security Assessor for your PCI DSS?

A: No

Q: Support from a PCI Qualified Security Assessor?

A: No

Q: Third party managed system service providers?

A: No

Q: Other Third party Service providers that may impact cardholder data security?

A: Yes

Q: Other third party service providers?

A: Write Lavu and click Add

Q: A summary of how and where you handle card payments?

A: Please find the answers below:

Q: List your Business Premises (e.g., retail outlets, corporate offices, data centers, call centers, etc.)

A: List as per your business

Q: How and in what capacity does your business store, process and/or transmit cardholder data

A: We do not save any cardholder’s information.

You will then need to provide a high level description of your business, as well as information on the number of card readers and iPads you will be using in your restaurant.

When you are finished, click Next.

Be Scan Compliant

Note: Be sure to complete this step from a computer at your restaurant.

  1. Click Begin Setup, and then Schedule Scan.
  2. Enter the Domain Address (or IP Address) that is auto-detected and displayed on the screen. Click Add to move to the next step.
  3. Select today's date and time to schedule the scan.
  4. Next to Load Balancer select No.
  5. Check the box at the bottom of the page, to confirm the IP address and scheduled date and time. Click Schedule Scan to complete this step.
  6. Click on the X in the top right corner to return to the PCI home page.

Complete Security Assessment

Click on Manage under Complete Security Assessment, and select Now.

You will then see the following page:

[Image: security assessment steps]

The sections (on the right side of the screen) list all the modules and the number of questions that need to be answered in each. Once all the questions in a particular module are answered, the number of questions changes to a Check Mark, as demonstrated in the above image.

Carefully read through all questions and answer Yes to each of them.

Note: Some questions will also ask you to Select date. Select the present date and click on Finish.

The very last step is to confirm your compliance by filling in the following information:

  • Organization Information Details
  • Merchant Executive Officer

Click on Confirm Your Attestation to complete this process. 

When you are finished, your home page will look like this:

[Image: finished assessment]

Note: The section labeled Document Repository is completely optional, and does not need to be completed.

About 72 hours after your scheduled scan, your compliance status will be updated. If you notice that it is still listed as Not Compliant, contact Card Connect's PCI Verification team.

Phone #: 877-257-0239

Provide your merchant ID and select Option #1 twice.

 

For any further support, please reach out to our 24/7 customer support team at 505-535-5288 or email .