Our Compliance Solutions
Fraud is costly for business. It’s why PCI-DSS was introduced in 2005 – a major undertaking for most merchants.
At MerchantPlus, we make sure you meet all the legal requirements.
This step-by-step guide will help you complete your McAfee scan and SAQ required to establish PCI compliance. Please read carefully and follow exactly.
A. The SAQ
The first thing you should do is make sure you’ve completed an SAQ. You can find this at the bottom of the page here.
Please read the description of each SAQ carefully and select the one that best describes your business. For most internet merchants, this will be SAQ Version A. Download and complete only the sections in RED ink.
B. The McAfee Scanning Procedure
- You will first need to sign up for a FREE McAfee account here.
- McAfee will then contact you via email with login information for your account. The login URL will be: https://www.mcafeesecure.com/customer/
- Determine if you will be running a scan on your website (for merchants who have an automated checkout system) or on your IP address (for merchants who manually enter transactions through a virtual terminal). If you need to use your IP address, you can find out what it is here: http://whatismyip.com/
- After you’ve logged in to the McAfee interface, under the ‘Security’ tab, navigate to the ‘Audits’ section on the left and select ‘Devices.’
- Click the ‘Add Device’ link at the top middle, and then enter your web or IP address in the appropriate box in the middle of the page. Leave all other settings as is.
- Click ‘Continue’ at the bottom right. Check the two agreement boxes and click ‘Add Device.’
- Check all the boxes on this page, enter the code at the bottom, and click ‘Activate.’
- You should see a box on the next page that says, ‘Saved.’ Click the ‘Audit Now’ button on this page.
- On the next page, you will see the ‘Type’ of scan. This should be set to ‘Hack Simulation’ and the time should say ‘Begin Now.’
- Check the box ‘Email When Complete’ and hit the ‘Confirm’ button at the bottom right.
- The scan will start and it should take about 30 minutes to an hour to complete. You can exit and come back to it later.
- Once it’s complete, log back in and click on the ‘PCI’ tab in the middle of the page.
- Click option 3 to ‘Download Reports.’
- Check all the boxes on this page and click ‘Download.’
- You should start downloading a ZIP file. Please open this file after download and make sure the ‘PCI Compliance Scan’ says ‘Passed.’
- If it does, forward the entire ZIP file along with the previously completed SAQ to: firstname.lastname@example.org. Please title the email: PCI Compliance and SAQ for “Business Name.”
C. Scan Submittal Intervals
Scans are submitted to our processor on the 23rd of every month, so we need to have your scan by this date. Your next scan will be due 90 days from the date on the scan. For example, if your scan was done on May 1st and sent to us, it will not be sent to our processor until May 23rd. Your next scan will be due on July 23rd: if you send it on August 1st, it will not be submitted until August 23rd, by which point your 90-day coverage will have lapsed. The SAQ is only due once per year.
***It is up to you, the merchant, to keep track of when your next scans are due to avoid any non-compliance fees.