- Overview
- How PCI Compliance Works
- Enabling a PCI Vendor in Merchant Central
- Best Practices
- PCI Compliance Reporting
-
FAQ
Overview
Merchant Central supports integrations with multiple PCI compliance vendors, including VikingCloud (Sysnet/ControlScan), Encytro, and PCI Apply.
These integrations allow newly created merchants in Merchant Central to be automatically boarded to the applicable PCI vendor. This helps reduce manual setup work and keeps merchant PCI records aligned between Merchant Central and the vendor system.
Once merchants are boarded, Merchant Central uses scheduled jobs to sync PCI compliance statuses, remove or deactivate closed merchant accounts, and provide PCI compliance reporting directly in the CRM.
The integrations also help steer merchants to complete the PCI compliance process by displaying their current PCI compliance status on the merchant home page, including instructions for completing the PCI questionnaire when applicable.
Merchant PCI compliance statuses are updated every morning so that the latest available information is shown in Merchant Central.
How PCI Compliance Works
Once a PCI compliance integration is configured:
- ISOs can view the current PCI compliance status for individual merchants and generate PCI compliance reports across their portfolio.
- Merchants can view their PCI status when they log into Merchant Central. If they are not compliant, they can begin the PCI compliance process directly from the Profile tab.
- New merchant accounts created in Merchant Central can be automatically boarded to a PCI vendor through the auto-board scheduled job.
- Closed or deactivated merchants can be automatically removed from the PCI vendor through the purge scheduled job.
Viewing PCI Compliance Status as an ISO
ISOs can view a merchant's PCI compliance status on the Merchant Details page. The PCI icon appears next to the merchant MID number. If the PCI icon is shown with a red X mark, the merchant is currently not PCI compliant.
ISOs can also view PCI compliance across their portfolio from The Scoop page. In the main navigation panel, go to My Merchants → The Scoop, and then click the applicable PCI vendor tab, such as Encytro. The PCI compliance report table can be searched and exported to an Excel file.
☝️ The vendor tab on The Scoop page will not appear until merchants have PCI compliance status information.
For more detailed PCI compliance reporting, see the PCI Compliance Reporting section below.
Viewing PCI Compliance Status as a Merchant
When a merchant logs into Merchant Central, they will also see the PCI compliance icon next to their MID number. Clicking the PCI icon opens the Profile tab, where the merchant can view their current PCI compliance information.
The merchant can begin the PCI compliance process from there by clicking the PCI provider link.
Scheduled PCI Compliance Jobs
When a PCI vendor integration is set up, several scheduled jobs are added in Merchant Central to perform the following tasks:
- Auto-board new Merchant Central accounts to the PCI vendor.
- Sync PCI compliance data between the PCI vendor and Merchant Central.
- Automatically remove PCI vendor accounts if the related merchants have been deleted or deactivated in Merchant Central.
Enabling a PCI Vendor in Merchant Central
Enabling a PCI vendor in Merchant Central consists of three steps:
- Add the PCI vendor API login.
- Add the PCI vendor to the processor.
- Enable the PCI scheduled jobs.
Start by requesting the API login information from your PCI vendor.
Once you have the API login information, reach out to Merchant Central support to complete the remaining setup steps. Some required settings are available only to the support team.
Adding the PCI Vendor API Login in Merchant Central
To add a new API login in Merchant Central, open the main navigation panel and go to Manage → Merchants → PCI Compliance Setup.
On the page, expand the applicable vendor accordion, enter the required information, and save the login. Merchant Central will then validate the credentials.
If validation is completed successfully, the new login is saved. If validation fails, a validation error message is shown.
ℹ️ API login setup is different for each PCI vendor. Vendor-specific instructions are provided below.
Adding the PCI Vendor to the Processor
Once the login is saved, select the PCI vendor in the processor settings.
Go to Manage → Processors → Processor Settings, open the settings for the appropriate processor, select your PCI vendor, and save your changes.
Enabling the PCI Scheduled Jobs
Go to Manage → Site Options → Scheduled Tasks, locate the scheduled jobs for the required PCI vendor, and then add and configure the job settings.
VikingCloud (Sysnet/ControlScan)
The VikingCloud integration, formerly known as Sysnet or ControlScan, allows you to automatically board Merchant Central accounts to VikingCloud, remove closed merchant accounts, and view PCI compliance reports for your merchants.
☝️ The VikingCloud PCI integration only works for TSYS Wholesale, First Data Omaha, and First Data North merchants with Account Status information.
To enable the VikingCloud integration, reach out to VikingCloud to request your API login. You will also need VikingCloud to whitelist the IP of your CRM site using the ISOdomain.iriscrm.com format.
Once you have the API login and your CRM site is whitelisted, reach out to Merchant Central support and ask them to complete the setup process.
Instructions for Merchant Central Support
- Enable the PCI meta values on the client's site.
- Make sure that at least the Admin and System Admin user classes have the PCI Management permission.
- Add the API logins, per sysprin, if applicable.
- Enable the PCI vendor on the Manage Processors page (Manage → Processors → Processor Settings).
- Make sure the PCI Compliance section shows for the necessary user classes in Merchant Profile.
- Check that the email template meta values are set and that merchants have email addresses in their Account Status tab.
- Schedule the Sync and Purge tasks for VikingCloud (Manage → Site Options → Scheduled Tasks). These may still be labeled as ControlScan or SysNet in Merchant Central.
- If the client wants auto-boarding to occur, schedule the Auto Board task as well.
Encytro
The Encytro integration, formerly PCI Compliance LLC, allows you to automatically board Merchant Central accounts to Encytro, sync PCI compliance statuses, remove closed merchant accounts, and view PCI compliance reports for your merchants.
To enable the Encytro integration on your site, reach out to Encytro to request your API login. Once you have the login, reach out to Merchant Central support and ask them to complete the setup process.
Instructions for Merchant Central Support
- Enable the PCI meta values on the client's site.
- Make sure that at least the Admin and System Admin user classes have the PCI Management permission.
- Add the API logins, per sysprin (Manage → PCI Compliance Setup → Encytro), and set a Processor name for each login.
- Set the same Processor name in the Encytro portal.
- Enable the PCI vendor on the appropriate processor on the Manage Processors page (Manage → Processors → Processor Settings).
- Make sure the PCI Compliance section shows for the necessary user classes in Merchant Profile.
- Check that the email template meta values are set and that merchants have email addresses in their Account Status tab.
- Schedule the Sync and Purge tasks for Encytro (Manage → Site Options → Scheduled Tasks).
- If the client wants auto-boarding to occur, schedule the Auto Board task as well.
PCI Apply
The PCI Apply integration can be used to automatically board eligible merchants to PCI Apply, sync PCI compliance statuses, deactivate closed merchant accounts, and manage PCI compliance reporting.
To enable the PCI Apply integration on your site, request your PCI Apply API credentials, including the username, password, and Hierarchy ID. Once you have the credentials, reach out to Merchant Central support and ask them to complete the setup process.
Instructions for Merchant Central Support
- Enable the PCI meta values on the client's site.
- Make sure that at least the Admin and System Admin user classes have the PCI Management permission.
- Add the PCI Apply API credentials (Manage → PCI Compliance Setup → PCI Apply) and confirm that the credential check is completed successfully.
- Enable PCI Apply as the PCI vendor on the applicable processors on the Manage Processors page (Manage → Processors → Processor Settings).
- Make sure the PCI Compliance section shows for the necessary user classes in Merchant Profile.
- Schedule the PCI Apply Sync, Deactivate Closed Merchants, and Auto Board jobs as needed (Manage → Site Options → Scheduled Tasks).
- For initial testing, run only the Sync Job, or limit Auto Board testing to a single MID by using the Merchant Link option.
- For Auto Board, confirm that merchants are active, that MIDs are at least 14 days old, and that the Max Records value is set. The recommended value is 50.
Multi-Level Hierarchy Boarding and Reporting (in beta)
The PCI Apply integration supports multi-level hierarchy boarding for clients who manage merchants under layered organizational structures in PCI Apply. This allows Merchant Central to board and update merchants in PCI Apply using hierarchy-specific settings instead of relying on a single flat hierarchy level.
Multi-level hierarchy support is useful for organizations that need to route merchants to different PCI Apply hierarchy levels based on Merchant Central data, such as the merchant's processor, group, assigned user, or group custom property values.
Hierarchy Setup
PCI Apply hierarchy items are configured from the PCI Apply API login in Merchant Central using the Hierarchy button. Each hierarchy level can contain one or more hierarchy items, and each hierarchy item includes the following components:
- ID: The hierarchy ID that Merchant Central sends to PCI Apply.
- Name: The display name used to identify the hierarchy item in Merchant Central.
- Values: The Merchant Central values that determine when the hierarchy item should be used. These can include Processor, Group, User, and Custom Property Value selections.
The Processor, Group, User, and Custom Property Value fields support multiple selections, allowing a single hierarchy item to apply to more than one matching Merchant Central value.
For example, a PCI Apply setup may include a Level 1 hierarchy, multiple Level 2 hierarchy items, multiple Level 3 hierarchy items, and additional lower-level hierarchy items as needed. Each item can have its own hierarchy ID, name, and matching values.
When a merchant matches the configured hierarchy criteria, Merchant Central sends the appropriate hierarchy ID to PCI Apply as part of the merchant boarding or update process.
Multi-Level Boarding
When PCI Apply Auto Board is enabled, Merchant Central can automatically board eligible active merchants to PCI Apply using the configured hierarchy mapping. This helps ensure that merchants are created under the correct PCI Apply hierarchy without requiring manual setup in the PCI Apply portal.
PCI Apply Auto Board still follows the standard boarding rules, including:
- Only active MIDs are eligible for auto-boarding.
- MIDs must meet the required age before they are eligible for boarding.
- The applicable processor must be configured to use PCI Apply as the PCI vendor.
- The scheduled PCI Apply Auto Board Job must be enabled and configured.
If multiple hierarchy levels are configured, Merchant Central uses the matching hierarchy items to build the hierarchy data sent to PCI Apply. This allows larger organizations to support different partner, portfolio, group, or user-based PCI Apply structures without requiring custom logic for each client.
Best Practices
- Enable PCI vendors only where needed: Only select a PCI vendor on processors that should use that vendor integration.
- Confirm user permissions: Make sure the appropriate user classes have the PCI Management permission.
- Confirm Merchant Profile visibility: Make sure the PCI Compliance section is visible for the necessary user classes in Merchant Profile.
- Check merchant email data: Confirm that merchants have email addresses in the Account Status tab where required.
- Monitor both systems: Regularly verify merchant statuses in both Merchant Central and the PCI vendor portal.
- Review logs: Check logs after each scheduled task run for mismatches, timeouts, credential issues, or API errors.
- Test auto-boarding with a small merchant set: Test the auto-boarding setup with a smaller number of merchants before enabling broader auto-boarding.
- Confirm the PCI Apply hierarchy: Confirm the client's PCI Apply hierarchy structure before configuring the integration in Merchant Central. Make sure each hierarchy item has the correct PCI Apply hierarchy ID, name, and matching Processor, Group, User, or Custom Property Value selections.
- Start with sync testing: For PCI Apply, begin with the Sync Job only and limit the scope by using the Merchant Link option where applicable. Review PCI Apply and Merchant Central reporting after sync jobs run to confirm that compliance statuses are appearing as expected.
- Use a safe Auto Board batch size: For PCI Apply Auto Board, keep the Max Records value at 50 to reduce the risk of timeouts.
PCI Compliance Reporting
The PCI Compliance Reports page allows you to generate PCI compliance and non-compliance reports for your merchants. To access the page, open the main navigation panel and go to Manage → Merchants → PCI Compliance Reports.
The PCI Compliance/Non-Compliance Reports page opens as shown below:
Generate a Non-Compliance Report
Use the Non-Compliance report to generate an Excel report for merchants that are not PCI compliant as of a selected cut-off date.
- Click Non-Compliance.
- Select the cut-off date.
- Complete any optional fields as needed.
- Click Generate.
ℹ️ The Fee and Message fields each represent one column in the report. The values entered in these fields are added to each row in the generated report as a custom note or reference.
Below is an example of a generated non-compliance report:
Generate an Annual Report
Use the Annual report to generate an Excel report for PCI compliance activity within a selected date range.
- Click Annual.
- Select the start date.
- Select the cut-off date.
- Complete any optional fields as needed.
- Click Generate.
Below is an example of a generated annual report:
Download Recent Reports
All generated reports are saved in the Recent Reports section. You can download reports from this section again at any time.
FAQ
- Why am I getting an invalid credentials or connection error? If Merchant Central displays an error when saving PCI vendor credentials, the username, password, Hierarchy ID, or other credential information may be invalid, or Merchant Central may be unable to connect to the vendor service. If a credential error occurs, contact the applicable PCI vendor to request new credentials or troubleshoot the connection.
- Why is the merchant compliance status not displaying? Confirm that the merchant exists with the PCI vendor and that the applicable Sync Job has run successfully. If the merchant matches a Merchant Central record, the compliance status should appear in Merchant Central. Also confirm that the PCI Compliance section is visible for the necessary user classes in Merchant Profile.
- Why is the vendor tab not showing in The Scoop? The vendor tab in The Scoop will not appear until merchants have PCI compliance status information.
- Why are merchants not auto-boarding? Confirm that Auto Board is enabled and scheduled for the applicable vendor. For PCI Apply, also confirm that the merchant is active, the MID is at least 14 days old, the applicable processor is selected in the job configuration, the processor has PCI Apply selected as the PCI vendor, the MID matches any configured MID Prefix filters if filters are being used, and the Max Records field has a value.
- Why are closed merchants not being removed or deactivated? Confirm that the merchant is marked as closed in Merchant Central and that the applicable Purge or Deactivate Closed Merchants Job is scheduled. For PCI Apply, also confirm that the processor has PCI Apply selected as the PCI vendor.
- How do I resolve PCI Apply job timeout issues? If a PCI Apply Auto Board Job times out, reduce the batch size. The recommended Max Records value is 50.