When you sign up for Storable Payments, you are required to comply with the Payment Card Industry Data Security Standard (PCI DSS), which helps protect your business and your customers’ payment data. PCI compliance is critical to help your business avoid fines and penalties, minimize fraud and liability, and improve trust with your clients. To support you in this process, Storable partners with ControlScan by VikingCloud, a PCI compliance partner that offers tools and resources to help you meet these requirements.
Storable ID with Multi-Factor Authentication may be required for enhanced security and compliance. For instructions on enabling Storable ID, visit our Help Article for step-by-step guidance.
Storable can also assist with specific portions of the process, such as completing your business profile and initiating your vulnerability scan. For step-by-step instructions, visit our PCI Compliance Help Page.
As a reminder, you are solely responsible for your compliance with all applicable laws and regulations. If you have any questions about applicable laws and regulations, consult with your legal counsel.
Do I have to complete the PCI compliance process?
Any merchant accepting credit cards is required to be PCI compliant by following the Payment Card Industry Data Security Standard (PCI DSS). For more information on this standard, see www.pcisecuritystandards.org. If you are not PCI compliant and there is a data breach, you could be held responsible for losses, fines, and forensics costs.
What is the process to become PCI compliant?
You will be required to complete the PCI Self-Assessment Questionnaire and perform a vulnerability scan on all internet-facing systems that are involved in processing payment card data. Your specific requirements may vary based on how you process payments.
How do I know if my facilities are PCI compliant?
Log in to your VikingCloud portal to check your facilities' compliance status. The dashboard will display whether each location is currently compliant or if further action is needed.
How do I log in to VikingCloud?
Log-in instructions are available on our PCI Compliance Help Page.
I need help becoming compliant or completing the Self-Assessment Questionnaire.
We've partnered with VikingCloud to support you in the compliance process. They can help clarify the questions in the Self-Assessment Questionnaire and guide you through the steps. You can reach their support team at 1-888-543-4743 or via email at support@complywithpci.com. Provide them with your email address to help them locate your account.
Storable can also assist with specific portions of the process, such as completing your business profile and initiating your vulnerability scan. For step-by-step instructions, visit our PCI Compliance Help Page.
If you need further assistance beyond what VikingCloud can provide, consult a qualified IT professional. Because each business’s network setup is unique, Storable cannot offer guidance on other portions of the questionnaire.
How can Storable help me become compliant?
Storable can assist you with certain portions of the PCI compliance process, such as completing your business profile and helping you initiate the required vulnerability scan. However, due to the unique nature of each business’s network environment, we are not able to provide guidance on the remainder of the PCI Self-Assessment Questionnaire. For those areas, we recommend consulting with your IT team or a qualified security professional to ensure accurate and complete responses.
To see precisely how Storable can support you, visit our PCI Compliance Help Page for a step-by-step guide.
Does Storable support multi-factor authentication, and how do I set it up?
Yes, Storable supports multi-factor authentication (MFA) through Storable ID. MFA adds an extra layer of protection when accessing your account and may be required for enhanced security and compliance. For instructions on how to enable Storable ID, visit our Help Article for step-by-step guidance.
I have multiple locations under one merchant ID. How does that affect my vulnerability scan and Self-Assessment Questionnaire?
If your accounts are consolidated under a single merchant ID, you only need to complete one Self-Assessment Questionnaire for all locations. However, you are still required to perform a separate vulnerability scan for each location with an internet connection used for payment processing.
If remote employees process credit card payments, do we need to perform a vulnerability scan on their home IP addresses?
Vulnerability scans are required for any external IP address where cardholder data is processed, including remote environments. If your remote employees connect through a secure VPN that routes traffic through your organization’s centralized network, you may only need to scan the external IP address of that central network. Consult with your IT team or a qualified security professional to confirm the appropriate setup and scanning requirements for your specific environment.
How often do I have to fill out the Self-Assessment Questionnaire and perform a vulnerability scan?
Most merchants are required to complete the PCI Self-Assessment Questionnaire (SAQ) annually and perform a vulnerability scan quarterly (every 90 days). Your specific requirements may vary based on how you process payments, so we recommend working with VikingCloud for personalized guidance.
I certify my compliance with a vendor outside of VikingCloud/Storable. Do I have to use VikingCloud?
You can upload your PCI Compliance Certificate from any legitimate PCI compliance vendor to VikingCloud. Uploading your certificate there helps you avoid the non-compliance fee.
What does the PCI Fee cover? Will it be reduced if we become compliant?
The annual PCI fee covers access to the PCI compliance portal, which provides the tools and resources to help you achieve and maintain compliance. This fee stays the same regardless of your compliance status. However, if you become compliant, any non-compliance fees imposed by Storable will be removed.
Why is there a PCI non-compliance fee?
PCI DSS (Payment Card Industry Data Security Standard) compliance is a requirement from the card brands to help protect cardholder data and reduce the risk of fraud. The non-compliance fee is designed to encourage timely compliance with this security standard.
What is the deadline for becoming PCI compliant to avoid the non-compliance fee?
To avoid being charged the non-compliance fee, you must achieve compliance by the 27th of the month before the fee would be charged.
How soon after I start processing payments could I be charged a PCI non-compliance fee?
The PCI non-compliance fee is assessed based on your compliance status at the end of your first full month of payment processing. For example, if your account goes live on May 10th, your compliance status will be evaluated at the end of June. If you do not achieve compliance by June 27th, the fee will be charged in July.
Does the non-compliance fee apply to the entire account or only to the individual facility that is non-compliant?
The non-compliance fee is charged for each individual facility that is not compliant each month.
How do I add another user to the VikingCloud portal?
To add a new user, log in to the VikingCloud portal, navigate to the user management section, and follow the prompts to create a new user account. If you encounter any issues or require assistance, contact VikingCloud support at 1-888-543-4743 or via email at support@complywithpci.com.
What should I expect after logging into the VikingCloud portal for the first time?
Once you log in to VikingCloud for the first time, the portal will guide you through the steps needed to begin your PCI compliance process. This typically includes reviewing relevant information about PCI DSS, completing the Self-Assessment Questionnaire, and initiating a vulnerability scan. VikingCloud’s interface is designed to walk you through each step based on how your business accepts payments.
If you need assistance, you can contact VikingCloud support at 1-888-543-4743 or support@complywithpci.com. Storable can also assist with specific portions of the process, such as completing your business profile and initiating your vulnerability scan. For step-by-step instructions, visit our PCI Compliance Help Page.