Helcim Logo Support & Tutorials

© Copyright 2006-2018 Helcim Inc.

All Rights Reserved.

PCI Compliance »

PCI Compliance - A Quick Guide

As a Helcim merchant, you're provided access to the Sysnet PCI manager portal in order to complete your PCI compliance. Below is a quick guide on navigating this PCI portal to help smoothen your compliance process.

STEP 1 - Login to Sysnet PCI Portal

To begin you will need to go to the Sysnet PCI Portal Login. In order to log in, you need to create an account on the Sysnet portal using your Elavon merchant ID. The Elavon merchant ID starts with an 801, 802 or 803 and can be found on the My Account portal under Merchant Accounts.

1) Click on First Sign-in

First PCI sign in

2) Fill out all the fields shown with a red arrow. 

Please note: the username can be anything you want, it does not have to be your merchant ID number

Password setup for PCI

3) You will then be taken to the Getting Started page, here you have to click the Start business profile to continue.

PCI getting started

 

STEP 2 - Fill Out Your Profile

You are then taken to the first question of your profile set up. Below are step-by-step guides for the most common PCI profiles. Please select the one that best applies to your business. These profiles may not be exact, however; they should help provide some general guidance. If you chose the wrong profile, don't worry, PCI level 4 is a self-assessment and you can reset your profile anytime:

 

STEP 3 - Complete the Self-Assessment Questionnaire

Once you have filled out your profile you may begin the Self-Assessment Questionnaire by clicking Begin Step as shown below

 PCI dashboard

Please note: some businesses will require to do a scan. If the system prompts you to Go to scan management - Click HERE

Self-Assessment Questionnaires (SAQ)

For small merchants (level 4), the PCI questionnaires are self-assessment. The questionnaires ask you YES or NO questions. Each merchant will see a different amount of questions depending on their account type. Please remember that this is not a test. The purpose of the questionnaire is to self-evaluate each question and to make sure your business complies with the question. You should make the necessary changes to your business so that you can answer yes to every question. Keep in mind that if any of the questions are answered “NO” then the end result of your status will be non-compliant.

SAQ

There are multiple pages with questions, please make sure to go through all of them by clicking Next

SAQ3

 

Please note: some businesses will require to do a scan. If the system prompts you to Go to scan management - Click HERE

STEP 4 - Attestation

Once all the questions are answered you are taken to the attestation page. Please click on Confirm your Attestation

Final SAQ

You should now see You're compliant on the top right-hand corner

Final PCI

 

External Network Scans

Based on your business type, you may be required to scan your network on a quarterly basis. For e-commerce merchants with a direct API integration, you will need to scan your website URL using the portal's built-in scanner. For retail merchants using an IP network, you will need to scan your business IP address. To view how to schedule a scan Go to scan management by clicking HERE. Scans typically take 3-4 hours to complete. 

Requirements Needed for PCI Compliance

Merchant Type SAQ # of Questions Quarterly Scans Pen Testing Difficulty
Hosted Payment Page, Hosted Shopping Cart, Helcim.js SAQ A 7 no no easy
Terminal - Dial SAQ B 1 no no easy
Terminal - IP Internet SAQ B-IP 3 yes no moderate
Mobile App SAQ D (mobile) 66 no no hard
Virtual Terminal SAQ C-VT 23 no no easy
Direct API Gateway SAQ A-EP 178 yes yes hard

 

PCI need to be completed yearly. Notices are sent out when your compliance is about to expire.