Paysafe PCI Compliance FAQ

This help article walks you through FAQ regarding PCI Compliance.

Who needs to be compliant: The PCI DSS applies to any organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. And it pertains to any business type, regardless of whether merchants are accepting payments online, in person, over the phone or in combination.

What is PCI DSS: The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for enhancing payment account data security.  These standards were developed by the PCI Security Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to facilitate industry-wide adoption of consistent data security measures on a global basis.  The standard aims to increase awareness and promote best practices in the handling of sensitive information as a means to minimize identity theft and fraudulent transactions.

What is PaysafePCI Portal: As part of Paysafe’s commitment to ensure maximum data security, along with adopting proactive measures to avoid data breaches, they have created PaysafePCI portal to assist merchants to validate their PCI compliance status.

PaysafePCI portal includes:

  • A toll-free phone number and online live chat which enables merchants to contact an experienced PCI support professional with any queries or service requests.
  • Help desk hours will be Monday to Friday from 8:00AM to 8:00PM EST.
  • ASV (Approved Scanning Vendor) Network Vulnerability Scanning.
  • A fully secure online service, in which merchants will complete their PCI DSS assessment.
  • An anti-virus product available for download from the PCI portal (included in fee).
  • Seamless migration for those already PCI DSS Compliant.

How do I become compliant?  

Merchants will go to the following link Coming Soon to take the assessment.

  • Click, First time users, and create your account, and proceed to log in.
  • Answer questions on how they store, process, and transmit credit card data.

To assist with the PCI questions, A toll-free phone number and online live chat which will enable you to contact an experienced PCI support professional with any queries or service requests.

What if I am already compliant:

Any merchant that is already compliant with an Approved Scanning Vendor (ASV) will have the ability to submit an Attestation of Compliance along with successful scan certifications to the PaysafePCI portal to ensure that we are fully aware of their security status, and to avoid PCI non-compliance assessments. Please allow 2-3 business days for Paysafe to validate compliance.

Cost:  Merchants that utilize the PaysafePCI portal will be billed $8.95 a month when they are compliant. 

If a merchant is NON PCI Compliant at the End of October, they will be billed the Paysafe PCI Portal Fee $8.95 and the PCI Non-Compliant Fee of $34.95 until the merchant is PCI Compliant.

When was I notified of the PCI fee:

  • Paysafe sent out notification to all merchants advising them they had to become PCI compliant on August 26th by email
  • Paysafe sent a message within Netbanx.
  • Paysafe placed a message on statements.

We have multiple accounts with Paysafe, do I have to be PCI compliant on all?

The PCI Portal and Non-compliance fees will be done per Merchant Legal Entity

Why am I being asked to complete a PCI questionnaire?

All merchants accepting payment by credit or debit cards are required to comply with Payment Card Industry Data Security Standards (PCI DSS) that are mandated by Visa, MasterCard, American Express, Discover Card and JCB.  This website provides you the tools you need to achieve compliance with the least amount of time, effort, and expense.

How do I request a refund, I was compliant:

We will ask Paysafe to validate that you were or were not compliant and have them advise us.  Please note, if you are not PCI compliant there is no refund that will be given.  All processors must have merchants be compliant.  Please allow 48-72 business hours.

I was PCI compliant and still got debited for the Non PCI Fee.

We will ask Paysafe to validate that you were or were not compliant and have them advise us. Once we get a response if it can be refunded, we will let you know.  Please allow 48-72 business hours.

Why do I have to become PCI compliant if Upper Hand handles the credit cards?

Everyone who plays a part in the ECOsystem of taking a credit card payment must be PCI compliant per the Payment Card Industry Data Security Standards (PCI DSS.)  Businesses must be compliant as they are accepting the credit card payment from their customer.  Upper Hand has to be compliant as well since they are the software provider and Paysafe also has to be PCI compliant.

I process a low volume each month. Does my account still need to be PCI compliant?

Yes, all merchants, whether small or large, are required to be compliant. The payment brands have collectively mandated PCI DSS compliance for all organizations that process, store or transmit payment cardholder data. Inherent in having a merchant account is the ability to handle cardholder data.

How do I see if I am compliant with Paysafe?

Merchants can verify their compliance status by logging into the portal and navigating to the "Compliance Status" or "Assessment Reports" section. There, you will find information about your current compliance status, any outstanding requirements, and access to their compliance reports. 

 How long is the PCI compliance certification valid?

The PCI compliance certificate is valid for one year from the date the certificate is issued. To maintain your compliance, you are required to complete the PCI DSS self-assessment questionnaire annually and conduct any applicable network scan on a quarterly basis.

Why and how often do I need to do a scan?

Through PCI guidelines you are required to run a network scan every 90 days of either your internet network or your website. Notification reminders will be sent out in advance advising you that it is time to renew your compliance certification or upload the most up to date certificate and scan. 

I have multiple accounts, do they all need to be compliant?

Yes, every account must be compliant with PCI DSS. If the multiple businesses share the same legal name and EIN or SSN they would just need to complete it once.  You will need to make sure that Paysafe has the same data on the account so they can link them in their system.  If the legal name and EIN or SSN is not the same on ALL accounts, each account will have to do the steps to become compliant.

Want to learn more about PCI DSS? The below links give you access to all things PCI.