PCI Compliance

The Payment Card Industry (PCI) Security Standards Council is comprised of the major credit card associations (Visa, MasterCard, American Express, Discover and Japan Card).

They have established a set of security standards to ensure that merchants and service providers follow best practices in order to reduce credit card fraud and security breaches. By accepting VISA and MasterCard payments, merchants and service providers are required to become Payment Card Industry compliant.

To provide you with the tools needed to fulfill Payment Card Industry compliance mandates, Central Payment has partnered with ControlScan, an Approved Scanning Vendor by the Payment Card Industry.

Ready to get started?

All CPAY merchants are automatically enrolled in ControlScan’s program and will receive an email from Control Scan with your username and password.

Click the Login button below to fill out your Self-Assessment Questionnaire (SAQ) and get access to system scanning services (if applicable) and full support.

Lost your username and password or signed up with no email address?


Watch a video about how PCI Compliance affects credit card security and why it’s important.

What is PCI compliance?

PCI usually refers to the PCI DSS, the Payment Card Industry Data Security Standard. It’s a set of requirements designed to ensure that any organization that processes, stores or transmits credit card information maintains a secure environment to prevent this information from being stolen. Being “PCI Compliant” means that a business has completed a PCI self-assessment questionnaire (SAQ) showing that appropriate measures have taken to protect sensitive credit card information.

Is it really necessary to be PCI compliant?

Yes, PCI Compliance is critically important for any business that accepts credit cards, regardless of size or processing volume. Being PCI Compliant means that you are taking all necessary security measures to protect yourself and your customers in regards to credit card processing. Without PCI Compliance, a business may be vulnerable to attack through data breaches or fraud, resulting in thousands of dollars in fines and customer reimbursements.

Am I PCI Complaint?

Even if you are doing everything according to PCI regulations, you are not considered “PCI compliant” until you’ve completed an SAQ for the year, as well as any required quarterly scans.

How long does PCI compliance last?

Once PCI compliance is established, a merchant will be considered compliant for 1 year. Since criminals evolve their methods as fast as new technology develops, merchants must review their equipment and procedures at least annually to ensure they continue to protect their business and their customers against fraud.

Can I use my PCI certificate I have from my last processor?

Yes, as long as it indicates when and which SAQ was completed, as well as information regarding any required scans.

What is the SAQ?

SAQ stands for “self-assessment questionnaire.” It is a series of questions that assesses a business’ compliance status based on the equipment used and procedures in place.