LOGGING INTO SYSNET
1. Login - Log in to the portal and change password
a. The merchant will receive two emails, one with their username and the other with their password, that they can use to log in to the PCI Portal
- Upon first logging in, the merchant will be prompted to change their password
- Once completed, they will be taken to an overview page with information on what they will need to do along with an informational video
- Click “Start Business Profile” to begin
2. Profile - The merchant will need to complete their business profile by answering questions on how they accept payments.
- The merchant will then be guided through questions asking how their business accepts payments, the technology they use and the methods by which they may be transferring or storing data. In some cases, the merchant may need to select more than one option. If there are any questions regarding an option, the merchant can learn more from the tool-tip, indicated by a green question mark, OR click the phone icon on the top right to get in contact with Sysnet Support.
- Once the business profile section is completed, the merchant will be taken to their dashboard where they can complete their security assessment questionnaire (SAQ) as well as any other tasks assigned to them (e.g. scan) based on their answers from the profile.
Dashboard Navigation:
  - Your Business Profile: The merchant will have been assigned a business profile type, based on the answers provided. Clicking on ‘More Info’ will provide more information on what this means.
  - Be Scan Compliant: If applicable, the merchant can conduct scanning from here. Click ‘Manage’ on the scan widget to begin.
  - A merchant’s compliance status is listed in the top right.
  - Complete Security Assessment: When the merchant has completed their scanning (if applicable) they can proceed to their security assessment by clicking ‘Manage’
3. Scanning - The merchant will need to complete scanning on their network if applicable to their business profile type. If scanning is not required, skip ahead to step 4.
a. If the scanning widget appears in the merchant’s dashboard, they must complete a scan by selecting “Manage” from the “Be Scan Compliant” widget.
- On the next page, select “Schedule Scan”
- To complete the external vulnerability scan, the merchant will be asked for details regarding their IP Address and Scan Date as follows:
  - IP Address: This must be the same IP address as used by the card payment machine. Providing the IP address ensures that the scan is completed on the correct network. Need help finding the IP address? Here’s how:
    - Have the merchant connect the device to the same Wi-Fi network that their card payment machine is connected to
    - They should open their browser and search “What is my IP address”
    - The merchant’s IP address will be listed in the search results. Please note, they should be looking for the IPv4 address, not the IPv6 address
  - Scan Date: It will default to the current date and time. This can be changed if necessary.
  - Confirmation of whether you use a load balancer - if the merchant doesn’t know what this is, chances are they don’t use one.
  - NOTE: There are tool-tips outlined throughout this process to provide more information to the merchant if needed.
- Once all of the requested information is entered, select “Schedule Scan”
- The scan will then run and can take up to 48 hours. The merchant will receive an email once the scan is complete.
- The merchant will be notified via the dashboard if remediation action is needed
- If the scan fails, the merchant will need to complete the recommended remediation and then rerun the scan until they pass.
4. Security Assessment Questionnaire (SAQ) - Complete the SAQ, which serves as an assessment of how the merchant deals with information in their business
- From the dashboard, the merchant should select “Manage” on their “Complete Security Assessment” widget. The number of questions is based on the questions answered during the Business Profiling section.
- From here, the merchant will be guided through the questions in order to complete their SAQ. There is additional information available below each question to provide assistance to the merchant, and the merchant’s progress is tracked in the section on the top right.
c. If the merchant provides an answer that is against the best practice or what is correct, they may need to provide additional information or assign a remediation task. They will be able to continue with their questionnaire, but they might not be able to complete their questionnaire until the remediation tasks are completed.
i. NOTE: The merchant should be looking at the questionnaire as best practices they should adopt to keep their information secure
- Once all of the questions have been answered correctly, the merchant will need to attest to their compliance (i.e. confirm the information they’ve provided). They’ll be able to review the answers provided at this step and then click on “Confirm your Attestation” to finish.
- The merchant must complete this validation annually. Their renewal date will be displayed on the dashboard and they will receive an email to remind them when it’s time to renew.
5. Maintenance - The merchant will need to maintain their compliance throughout the year and will be reminded when action is needed on their end via email.
a. Depending on the business profile, the merchant may need to run additional scans throughout the year. If this is the case, the merchant should use the email sent to them to log in to the portal and complete what is outlined on their dashboard under the “Task Centre”
- The SAQ will need to be renewed annually and the external vulnerability scan will need to be completed quarterly.
- At any point in the process, if you or the merchant need assistance, click the telephone icon on the dashboard to access the help desk phone number.
Helpful Definitions
PCI - Payment Card Industry
SAQ - Self-Assessment Questionnaire