The most commonly asked questions about our PCI compliance product.

As you may expect, we get a lot of the same questions from customers about their PCI DSS compliance product. We thought we’d post the most common as an easy go-to source for those with questions.
PCI DSS FAQ, SecurityMetrics PCI Compliance

Why am I receiving emails that say I'm not currently PCI compliant?

We send out reminder emails informing you of your non-compliant status. By logging into your SecurityMetrics account using your email and password, you'll have access to an intuitive web interface where you can review your requirements for PCI compliance. You can then complete the PCI DSS requirements that apply to you.


My account screen says I'm PCI compliant, how do I notify my merchant processor of my compliant status?

If your merchant processor is partnered with us, they have immediate access to your PCI compliant status, and no action is required on your part. If not, we have reporting tools available to send your compliance status to an email address of your choice.

What if I want a certificate to show that I'm a PCI compliant merchant?

Once you're compliant, you can print a certificate of compliance by clicking on the Reports tab on the dashboard. Click on ‘show additional reports’ and then download your Merchant PCI Certificate.

To login to my account, it asks for my email address, what's my email address and how do I change it?

Your email is the email address used to create your account. If you would like to update your email address, please contact our Support Department at 801.705.5700.

I tried using the "Forgot Password" option, but I still can't login. How do I reset my password?

Contact our Support Department at 801.705.5700 for help with resetting your password.

When I login to my account it says I'm not PCI compliant, what should I do?

On the PCI dashboard you will find a To Do list of actions you must take to become PCI compliant. Click on any step to begin working towards a compliant status.

When I try to login, it just takes me right back to the login page, what should I do?

Clear your browser's cache and cookies. If that doesn't work, try logging into your account using another browser, such as Google Chrome or Mozilla Firefox.

Does the service SecurityMetrics provides cost anything?

All questions regarding charges or payments can be answered through our Compliance Department. Contact them by phone at 801.705.5665 or via email at


What does support cost?

SecurityMetrics provides 24x7 support for its customers by phone or email at no additional cost. Call the Support Department for assistance at any time at 801.705.5700 or email support@securitymetrics.

I have multiple methods of processing credit cards. Do I have to complete a separate Self-Assessment Questionnaire (SAQ) for each of them?

SecurityMetrics offers a combination SAQ for merchants with multiple processing methods. This will automatically be identified through your scoping process. If you have questions about what applies to your business, contact our Compliance Department at 801.705.5665 or

I answered a lot of questions when I signed up for your services, but my account says I haven't completed the Self-Assessment Questionnaire. Why?

You may be thinking about the questions we ask determine your SAQ type, but those questions don’t necessarily complete the Self-Assessment Questionnaire.

The Self-Assessment Questionnaire mentions "Point of Sale Terminal/Software". What does this mean?

Point of Sale Terminal refers to a physical machine used to process credit cards. The make and model of your device can typically be found somewhere on the device itself. Point of Sale Software refers to a program on your computer used to process card transactions.

My Self-Assessment Questionnaire is failing. What should I do now?

To reach a passing SAQ, you must be in compliance with all the requirements. If there’s something you don’t understand or you are unable to mark ‘yes’ to, contact the Support Department by phone at 801.705.5700 or To revisit the sections you put no to simply click on the section name.

Some of the questions on the Self-Assessment Questionnaire do not apply to me. What should I do?

If a standard isn't currently applicable, the PCI Council wants to make sure you understand it, and would meet that standard if it ever applies. If you agree you would meet the standard if it should apply to your business in the future, you should mark "yes".

My account says my Self-Assessment Questionnaire is "expiring soon" or "expired". What should I do?

Completing the PCI Self-Assessment Questionnaire is an annual requirement. Re-take the Self-Assessment Questionnaire until you pass.

If you have any additional questions about vulnerability scanning that weren’t answered in this blog post, feel free to contact our 24/7 support team at: 801.705.5700 or  (UK: +44 33 0808 0832)

Subscribe to more data security articles