Print Reach Pay and PCI Compliance and AOC
Merchant Processors often require periodic PCI scanning and compliance with PCI standards. In some cases, Merchants will charge you extra fees if your scan isn't complete or reports that you're non-compliant.
At Print Reach, we reduce your risk factors by having your systems store Credit Card Tokens and not Credit Card numbers. These tokens are like a password that only allows you to process transactions and they must be verified by our secure servers. This removes a portion of the risk associated with your data and systems.
Print Reach offers automatic enrollment in a Security Metrics PCI program to help you stay PCI compliant.
This process involves working directly with Security Metrics to answer a questionnaire and implement security scanning. Merchants will need to fill out a new questionnaire; questionnaires can't be transferred. During the setup of Security Metrics, the Merchant will need to provide their Public IP address(es).
Attached below is a document that explains the entire process step by step.
During the PCI signup process, Security Metrics will ask you to select your processing method. Please select "FullsteamPay Hosted Controls".
According to the PCI DSS, "Tokenization solutions do not eliminate the need to maintain and validate PCI DSS compliance, but they may simplify validation efforts by reducing the number of systems for which PCI requirements apply."
PCI DSS also has a document called an Attestation of Compliance (AOC), which is a declaration of an organization's compliance levels. While Print Reach does not have an AOC, our parent company Fullsteam, which is the payment facilitator, does have an up-to-date AOC. Below are the websites for Visa's and Mastercard's lists of payment facilitators, which also state the validation they received.
- https://www.mastercard.us/en-us/business/overview/start-accepting/payment-facilitators.html
- https://www.visa.com/splisting/searchGrsp.do
On these lists, you will notice Fullsteam Operations LLC, which is our parent company and handles all the processing of the payments.
Print Reach itself does not store or process any Credit Card details and only has information on tokens for transactions.
Example PCI Questionnaire Questions:
- Example 1: Is firmware on wireless devices updated to support strong encryption for authentication and transmission over wireless networks?
- Example 2: Are other security-related wireless vendor defaults changed, if applicable?
- Example 3: Is the personal firewall software configured to specific configuration settings, actively running, and not alterable by users of mobile and/or employee-owned devices?
FAQs:
For any questions on the questionnaire, please reach out to SecurityMetrics directly: (800) 557-4797
- What if we have PCI Compliance with another company?
  - You can submit a copy of your PCI Compliance Certification and/or AOC (Attestation of Compliance) form quarterly to SecurityMetrics. Then once confirmed, the relevant fees will be waived.
- What other ramifications will happen if someone is non-compliant, besides the $59.95?
  - Your shop will not be eligible for the $100,000 insurance policy in case of a data breach.