Getting Started: Log in using the username and password emailed to you. If it's been over 90 days since your last visit, you'll need to reset your password on the login page.
The Compliance Process: The portal guides you through a 3-4 step compliance reporting process:
- Step 1: Business Profile: Complete questions about how your business accepts card payments. Your answers determine which PCI DSS requirements apply to you.
- Step 2: Security Assessment: Based on your profile, you'll receive a Self-Assessment Questionnaire (SAQ) tailored to your business. Complete all questions presented.
- Step 3: Vulnerability Scanning: Depending on your setup, you may need to scan:
  - Your internet connection (for internet-connected terminals or POS systems)
  - Your website (if accepting online payments)
  - Note: Passing scans are required at least every 90 days.
- Step 4: Attestation of Compliance: Review and confirm all information is correct, then attest to your compliance. This generates your official Attestation of Compliance (AOC).
Ongoing Maintenance: Maintain compliance year-round. You'll receive email reminders when tasks like vulnerability scanning are due.