Complete Merchant Systems (CMS) began a new security compliance program in November 2017. Anyone who uses credit card processing to accept, transmit, or store payment card information, regardless of size, must complete a PCI Self-Assessment Questionnaire. This applies to everyone regardless of when they signed up with CMS.
This assessment has been put in place to prevent cardholder data breaches. According to CMS, should a financial breach occur without an assessment being completed, a practice may be subject to non-compliance fees, card replacement costs, and forensic audits.
If you do not complete the questionnaire, CMS will charge you $20 a month until the questionnaire is completed (beginning in April 2018).
Free assistance with the questionnaire is available through Security Metrics. CMS has contracted with Security Metrics to provide its customers with questionnaire compliance assistance. Each CMS account is automatically enrolled with Security Metrics.
The Customer Support team at CMS is available to assist with login and password issues when accessing the Security Metrics system, and with getting the merchant account on the correct SAQ questionnaire in the Security Metrics system. CMS Support can be reached at 877-267-4324. For assistance with the questionnaire, contact Security Metrics at 801-705-5700 or log in to your Security Metrics account at https://www.securitymetrics.com/pcidss.cms.
ICANotes cannot assist you in completing the questionnaire, since it applies to issues within your local system, not ICANotes.
See also FAQs from CMS below.
The Payment Card Industry Data Security Standard (PCI DSS) was established by the major card brands. This standard is to help any business that accepts Visa, MasterCard and Discover credit cards to organize their company in a way to keep all customer private information secure. This information can include but is not limited to credit card numbers, expiration dates, billing address and CVC security codes. It is a requirement from the card brands for any company that processes, stores, or transmits payment card data to implement the applicable strategies and suggestions outlined in the PCI DSS standards to protect cardholder data from theft or fraudulent activity. PCI compliance is not a single event, but an ongoing process. This is true regardless of the merchant services provider that is being used by the business. CMS has created an FAQ to learn more, which can be viewed at: https://www.cmsonline.com/PCI_FAQs.html
Under PCI rules, the merchant service provider cannot directly assist the merchant through the compliance process. The concern of the Card Association is that it creates a potential conflict of interest and any support should come from a neutral third party. In an effort to minimize the complications that can arise when becoming PCI compliant, CMS has contracted with Security Metrics to answer any questions or to provide support.
If you find that there is a need for help in becoming PCI Compliant, please contact Security Metrics directly. They are there to assist in any way and can be reached at 801-705-5700. If you have integrated payments using our Slyce Plug-in (which is PCI compliant), this should make the process very seamless for the customer. Due to the integration, the merchant should be taking the required SAQ A if the business is not accepting payments through any other means or recording credit card information outside of the Slyce Payment Plug-in. This questionnaire is approximately 20 questions and we have found it can be completed within 10 minutes.