PCI compliance begins with understanding your organization’s PCI Scope. That means pinpointing the areas of your business (people, systems, or processes) that deal with credit card information. Think of it as mapping out where credit card data flows in your organization. Once you have that clear picture, understanding what you need to do for PCI compliance becomes much easier.
This preparation guide will help you gather the necessary information to ensure a smooth and efficient session.
Before your PCI Scope Wizard or PCI Health-Check Session, take time to review how your organization handles credit card transactions across all payment channels.
To prepare, please familiarize yourself with your organization’s credit card processes:
- Annual Number of Card Transactions (including all payment processors used)
- How do you accept cards In-Person (including what software/hardware is used)
- How do you accept cards by Telephone & Mail (including what process/solution is used)
- How do you accept cards Online (including what solution is used)
- If you Store Cards Electronically (including what software/hardware is used)
Tips on in-person (Card present) equipment questions:
In-person (Card present) equipment
Before we begin, it’s important to understand the different types of card readers you may be using. The most common confusion arises between Point-of-Sale (POS) terminals and stand-alone terminals.
- Stand-alone terminals require staff to manually enter the sale amount before the customer inserts or swipes their card.
- POS terminals automatically receive the sale amount electronically from the register or business system before the card is inserted or swiped.
Keep in mind that other types of card terminals exist. To prepare for your session, write down the model and brand of each terminal you use, and what each one is connected to, if anything.
Online (E-commerce) Payment Applications
The key distinction in e-commerce payment systems is whether the payment application is merchant-hosted or third-party hosted.
- Merchant-hosted payment applications handle credit card data within systems that your business directly operates.
- Third-party hosted payment applications rely on an external provider to manage some or all of the payment pages, meaning your business does not process or store any credit card data.
Since both types can look similar to the end user (for example, appearing as a payment form on your website), this can sometimes be confusing. A good source of this information is your IT team: ask whether the applications you use were built by your company or whether you are using software provided by a vendor.
Electronic Storage of Card Data
This section refers only to electronic storage of credit card data in systems operated by your business. It does NOT include cards stored in an outsourced PCI-compliant card vault, such as those provided by your payment gateway or processor.
- If you can see the whole card number after storage, your system is considered merchant-operated for PCI purposes.
- If credit card data is stored in an office document, cloud storage that you or your organization manages, database, or other software managed by you or your IT team, this is also considered a merchant-operated system under PCI guidelines.
Payment Processes
If your staff handle credit card information in ways other than the methods above, be prepared to discuss how they handle it and how they interact with your customers while receiving the information from them.