Frequently Asked Questions

1. What is PCI Compliance?

If this is your first time encountering PCI Compliance, you may be a little confused or even a bit uneasy about these regulations.  Don’t worry, we are here to help!  The Payment Card Industry Data Security Standard was created in 2006 by the major credit card brands to help establish best practices for merchants just like you.   These regulations not only help protect you from fraud, but also help protect your clients too.  Each year, the banks and card brands require you to fill out what is called a Self Assessment Questionnaire (SAQ) to re-evaluate your security.

2. What is an SAQ?

SAQ stands for Self Assessment Questionnaire.  This is the security evaluation that the banks and card brands require you to complete each year.  It not only helps to verify that you are handling credit card data safely and correctly, but it also gives you the opportunity to fix any potential issues.  The SAQ you are required to complete is based on how you process credit cards. 

3. Which SAQ Should I Complete?

Our online PCI Central program will guide you into the correct questionnaire based on a few questions related to how you process credit cards.
  • If your clients enter their own credit card information into a secure payment page, you will complete SAQ A
  • If you have a physical terminal that is plugged into a phone line, you will complete SAQ B
  • If you log into a secure website to process credit cards, you will complete SAQ C-VT (most common)
  • If you use an encrypted swipe device to “swipe” credit card information into your secure online terminal, you will complete SAQ C-VT (most common)


4. I’m an attorney. Why do I have to do this?

As an attorney, you are already familiar with the concept of confidentiality and security surrounding your client information.  When you accept credit cards, you must also follow a set of guidelines for protecting credit card data – the Payment Card Industry Data Security Standard.  These regulations were developed and are enforced by the major card brands.  Each year, the card brands require you to complete a Self Assessment Questionnaire (SAQ) as a way to evaluate the security in your office. 

5. What happens if I start my PCI Program and can’t finish?

No problem! Simply click “Save & Close” and return to it later. It will save your progress.

6. How long will the program take to finish?

We value your time and want to make this as easy and painless for you as possible! The questionnaires take between 5 – 25 minutes to complete, depending on how you process. Of course, you can always call our PCI Compliance department if you need any help.

7. I’m an association.  Why do I have to do this?

PCI Compliance applies to any business that handles credit card data. The good news is that completing your questionnaire can help your Association spot potential security risks.

8. I only process a few transactions per year.  Does PCI apply to me?

Yes! PCI Compliance applies to any business that handles credit card data. This means whether you process 1 or 1 million transactions, you need to complete a brief PCI Compliance Questionnaire.

9. I am the only person in the office.  Does PCI apply to me?

Yes!  Even though you are the only one holding down the fort, PCI Compliance applies to you.  It applies to any business that handles credit card data.  So whether you have 1 or 100 employees, you need to make sure that you are handling credit card data correctly.  The card brands require it! You need to comply with the requirements.

10. Is PCI Compliance a Law?

It is in some states.  There are currently several pieces of legislation that would enforce PCI Compliance on a federal level.  Regardless of state or federal law, PCI Compliance is still enforced by the banks and card brands. 

11. Why can’t you do this for me?

We get it! You don’t want to do this. The reality, though, is that only YOU know how you are running your business. The good news is that you’re not alone! Call us and set up a time to walk through your compliance questionnaire with our PCI Compliance department. We can help you complete your questionnaire quickly so you can go back to doing what you do best – running your business!

12. What happens if I don’t get compliant by my due date?

Despite our efforts, procrastination gets the best of us sometimes. If you don’t log in and complete your PCI program by your due date, you will be assessed a fee of $19.95 per month until you complete it. Once you are finished, the non-compliance fee will be removed.

13. Other processors charge for their PCI Program.  Why is yours free?

We value our customers!  We wanted to offer you a comprehensive program as just another benefit to your LawPay / AffiniPay account.

14. I still feel confused.  What should I do?

Pick up the closest phone, and give us a call!  We are here to help you!