💡 Quick Answer: If you accept credit card payments through EnrollsyPay, you must complete a PCI Self-Assessment Questionnaire (SAQ) once a year. Security Metrics will email you to get started. Skipping it triggers a $25/month non-compliance fee on your statement. Jump to Steps to Complete Questionnaire if you're ready to start.
What is PCI Compliance?
PCI compliance is a set of 12 security standards that businesses must adhere to when accepting credit card payments and transmitting, processing, and storing credit card information. Non-compliance triggers monthly fees and increases your liability in the event of a data breach.
Among the requirements are encryption of cardholder data, firewall management, antivirus updates, and assigning unique IDs to individuals with access to computers.
What Do You Need to Do?
When you sign up for an EnrollsyPay account, you must complete a Self-Assessment Questionnaire (SAQ) to comply with PCI. After your account is approved, you should receive an email from Security Metrics, the service provider that Nuvei (the credit card merchant account provider) uses to ensure and assist with PCI compliance.
Who is Involved
EnrollsyPay is the payment product
Nuvei is the merchant account provider
Security Metrics is the PCI assessor
Different parts of the SAQ apply to different kinds of businesses, and many small business owners and merchants aren't sure which ones apply to them. Security Metrics guides you through the questionnaire to ensure that all the appropriate sections are completed.
What's New in PCI DSS 4.0
PCI DSS version 4.0 introduces a new way of handling PCI, with additional questions compared to the previous version. You can find more information in the FAQ provided by Security Metrics or by attending their webinar.
Steps to Complete Questionnaire
See the steps below to complete the questionnaire.
Click the login button (Nuvei should have already created your account). Please let us know if you have trouble logging in.
Use the same email address as the primary contact email on the original credit card merchant account application.
NOTE: A field on that application also asked whether you wanted a separate email address used for PCI compliance correspondence. If you provided one, it would have overridden the primary contact email.
If you forgot your password, you can reset it on Security Metrics' login page.
Written Security Policy
The first question on the PCI Compliance Questionnaire pertains to a written security policy for P2PE. Point-to-Point Encryption (P2PE) is an encryption standard created by the Payment Card Industry (PCI) Security Standards Council. It requires merchants' point-of-sale terminals to encrypt payment card data immediately after use. The data stays encrypted while it is securely transported, and the payment processor decrypts it only when it processes the payment.
Since 2011, P2PE has been an official program of the PCI Standards Council. Using PCI-validated P2PE solutions is not mandatory, but complying with PCI Council standards reduces the P2PE Self-Assessment Questionnaire to 26 items.
Can't Log In to Security Metrics?
Upon approval of your merchant accounts, the person who filled out the application should have received emails providing access to your merchant gateways. If they did not receive these emails, or if you need to add someone else to your account, please send the following information to us-support@tillpayments.com for each person to whom you would like to grant access:
Full name
Email address
Time zone
MID (Merchant ID, which you can find on your statements or in your welcome email)
Nuvei will send out invitations to log in to the portal.
EnrollsyPay PCI Fees
The following are the fees EnrollsyPay charges for both PCI compliance and PCI non-compliance.
| Fee | Amount | When Charged |
| --- | --- | --- |
| PCI/Breach Assist Fee | $5.00/month | Every month if you offer credit card payments |
| PCI Non-Compliance Fee | $25.00/month | Each month non-compliant after 60-day grace period |
To view these and other fees EnrollsyPay charges, see this fee sheet.
Why These Fees Exist
Some payment processors or merchant service providers charge their customers a PCI compliance fee for using their services. The fee covers the cost of providing merchants with PCI DSS tools, resources, and support.
PCI compliance fees vary by provider, but typically range from $79 to $120 per year. Providers may charge this fee monthly, quarterly, or annually. Some providers include it in the overall processing fee, while others list it separately. Enrollsy charges $5.00 per month or $60 per year.
You will see a Nonreceipt of PCI Validation fee on your monthly statement if you never complete the PCI Compliance Verification Questionnaire.
The PCI non-compliance fee is a penalty that some payment processors impose on their customers who fail to comply with the PCI DSS. The intention of this fee is to get merchants to take PCI compliance more seriously and to cover the potential risks of not complying with these standards.
The PCI non-compliance fee is ONLY assessed if the merchant fails to complete the self-assessment questionnaire. There is also a 60-day grace period before this fee is charged.
To learn more about PCI Compliance, see these resources:
Support & Resources
If you have questions when filling out the PCI Compliance questionnaire, please contact Security Metrics by using one of the following contact methods:
Call 801-705-5700
Create a ticket here.

