Use this link to share with your colleagues:
How to Get (and Stay!) PCI Compliant: https://help.pm.leapevent.tech/a/829772
As someone who processes credit card transactions, it's incredibly important for you to maintain your PCI compliance for the safety and security of your patrons. Additionally, Bluefin will charge you a PCI non-compliance fee for each month of non-compliance, and who wants more fees?
Here's the good news: since you use Bluefin, getting - and staying - PCI compliant is just a couple steps away. This article will guide you through:
- Designating your PCI compliance contacts, and what to do when one of them leaves your organization
- How to use your SecureTrust account
- Two tasks that will need to be completed annually
Designating PCI compliance contacts
The most important key to making sure you stay PCI compliant is to have up-to-date contact information. That way, you'll know you're getting all notices regarding your PCI status.
When your Bluefin account was first set up, we asked your organization to designate some contacts:
- Merchant application signatory: the person who signed your Bluefin merchant application
- P2PE Manager: the person who set up your credit card swiping devices
-
SecureTrust contact: the person who set up your initial SecureTrust account and filled out your first PCI self-assessment questionnaire
- Note: you may originally have set up a Trustwave account - Trustwave accounts have been upgraded to SecureTrust
Depending on your staff structure, these roles could be filled by one person or several. Whoever they are, they'll receive notice when it's time to complete annual PCI compliance tasks and get an email if there are any problems with your PCI status, so it's crucial to keep their information current. If you don't know what email addresses you have on file, submit a case in the Community to let us know!
One of my PCI compliance contacts left - now what?
Submit a case in the Community - let us know who left and who will now take on that responsibility. Specifically, we'll need the new PCI compliance contact's name and email address.
ProTip!
If you have a general administrative email, you can also set your PCI compliance emails to be sent there. That way, they'll be seen by someone - even if you have staff changes.
Using SecureTrust
When your Bluefin account was created, your SecureTrust contact received an email from Trustwave. It might look like a spam email, but it's not! SecureTrust is a packaged service with Bluefin you'll use to verify your PCI compliance on an annual basis.
If this is your first time logging into SecureTrust, check out this article for instructions on logging in and filling out your first self-assessment questionnaire (SAQ). You'll also have to set up your Profile and follow the prompts in the SecureTrust portal.
Two tasks to do annually:
Once a year, your PCI compliance contacts will be notified about two tasks that need to be completed - your PCI self-assessment questionnaire and your P2PE card reader audit. In total, these two tasks should only take you about an hour.
ProTip!
Since you need to deal with PCI tasks annually, set a calendar reminder each year for the day your Bluefin account went live to help you remember to keep an eye out for these notices. Not sure when that was? We'll be happy to tell you, just submit a Case in the Client Community!
PCI compliance requires you to answer questions about your workplace policies and procedures annually, so you'll need to fill out that SAQ once per year. Visit our SecureTrust: PCI Compliance Questionnaire article for instructions on how to complete your annual SAQ.
Your P2PE card readers are designed to securely transmit credit card data from your box office to the bank, and that's a big part of staying PCI compliant. Once a year, you'll need to take a look at your card readers to make sure they're up to snuff and haven't been tampered with.
That's where Bluefin's P2PE Manager comes in. P2PE Manager will provide you with a schedule for your audits, as well as inspection instructions for your specific devices. Visit our Bluefin P2PE Manager: Auditing Your Card Readers article for step-by-step instructions on how to audit your card readers.
