
CardPointe - Accessing and Attesting Compliance Forms LB 2.0

Written by Marija Golubovic
Updated this week

Overview

As with any other payment processor, completing PCI compliance is a required step to keep everything secure and aligned with industry regulations. This is handled through CardPointe’s dedicated PCI portal, where the merchant fills out a Self-Assessment Questionnaire (SAQ). The process is straightforward, but there are a few things to keep in mind to avoid errors or delays. Continue reading to learn more.


How to Get Started

When a merchant account is approved and PCI hasn’t been completed yet, the CardPointe team will send the client a link to the compliance portal https://cardpointe.managepci.com. That’s where the SAQ is completed.

IMPORTANT NOTE:

To avoid errors during registration, advise clients to:

  • Use the same IP address that was used when first logging into the merchant application

  • Make sure any browser pop-up blockers are turned off

Skipping either of these can result in access or registration issues.


Accessing the PCI Compliance Portal

To access the PCI Compliance portal, the client must be logged into their CardPointe account (https://cardpointe.cardconnect.com/) and then follow these steps:

  1. Select the My Account tab

  2. Select the Accounts tab if not preselected

  3. Locate the PCI Status column; if it displays Not Compliant, click on it

  4. Clients will be redirected to the PCI Compliance Portal https://cardpointe.managepci.com/safemaker/login/portal. Ensure that:

    • Client is accessing the portal from the same IP address used during the merchant application

    • Pop-up blockers are disabled in the browser to prevent access issues

  5. First, the client needs to register, so they should select the Register button

  6. Then, they will be asked to enter their MID/Username, received in the welcome email titled "Activate payments in Prompt Complete Guide to getting started," and the Security code listed on the page

  7. Clients will be navigated to accept the terms and conditions stated in the PCI DSS v4.0 Resource Hub and additional resources. To continue, the client must check the box labeled "I understand" and then click the Next button

  8. Clients will then be asked to choose their assessment method out of three options: Guide Me, Expert, or Upload an existing PCI compliance form or other valid forms. It's recommended to choose the "Guide Me" option. After selection, to proceed, they need to select the Next button


  9. Then the Self-Assessment Questionnaire follows. The client is asked to fill in any missing account details & respond to the following questions.

    1. How do you accept payment cards?

      1. Answer this based on how payments are received/processed through the Lunchbox account/software. Since payments are submitted through an online site, enter Online Payments only.

    2. Pay By Link:

      1. This applies only if a link is sent to the cardholder to enter a payment; such links are typically not used when submitting payments through a software/website. It is used if the customer is using Command Center.

    3. How do you accept online e-commerce customer payments?

      1. Web Only Partners - Customers make online payments and not through a mobile app

      2. Web and App Partners - Check both answers.

    4. Your e-commerce URL:

      1. This is the URL that a client/cardholder would use to submit a payment. Add your ordering site here. If your location is not live, then add your Netlify site.

    5. Lunchbox manages the website, so a Third Party manages all aspects of the website.

    6. Since the website is most likely not in the list provided, type "Other" in the Filter Bar and select Add your own. Enter Lunchbox, since we provide the website where payments are entered.

    7. All payment software companies should be PCI compliant, so confirm and then answer Yes. Part of our compliance is to perform scans, which can be confirmed before answering.

    8. Your payment gateway/processor – In the Filter Bar, type Other and then enter CardConnect

    9. Again, all processors are required to be PCI compliant, and if needed, the processor can provide their AOC.

    10. No one should write down, send, or share full card numbers in any way, as these should all be entered through the website by the cardholder for security purposes. If they are taken another way, remember to destroy the number completely after entering the information.

    11. The processor, gateway or software stores and manages all cardholder data. There is no data retention or disposal on the side of the merchant. For these questions, the answer can be NA, as the processor or software retains, stores or disposes of cardholder data.

  10. The last step is to review responses and submit the SAQ.


Timing and Deadlines

There’s a 60-day window to complete PCI compliance after the merchant application is approved. During this time, the client should log in to the portal and complete the SAQ. CardPointe will send reminders to help them stay on track.

💡PCI compliance isn’t a one-and-done process—it must be renewed annually. CardPointe sends out email reminders when it’s time to complete the renewal. The primary contact (usually the contract signer) on the merchant account receives email reminders as deadlines approach or when annual renewal is due. It’s important that this person keeps an eye out for those emails and follows through.


What Happens If It’s Not Done?

If the client doesn’t finish the process within 60 days, a monthly non-compliance fee of $29.95 is applied. If it’s still incomplete a year later, that fee increases and will continue to go up every six months until the account is brought into compliance.
