Setting Up Your Account

Protect your business

As a business taking card payments, you have a responsibility to keep your customers’ card information safe. This is closely regulated by the Payment Card Industry Data Security Standards (PCI DSS) and affects any businesses accepting card payments. To find out more about why and how this impacts you, take a look at our Merchants’ Guide to PCI DSS.

For specific security-related problems, you can call 0203 684 7634 between 9:00am and 4:30pm, or email fraud.management@elavon.com and we will respond within one business day.

PCI DSS Compliance

At Elavon, we hold payment security as our first priority. That's why we created Secured by Elavon, a simple security programme that provides everything you need to keep your business protected - from achieving Payment Card Industry Data Security Standards (PCI DSS) compliance to securing your customers' data throughout transactions.

The PCI DSS is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which was founded by Visa®, MasterCard®, JCB®, Discover® and American Express® to facilitate industry-wide adoption of consistent data security measures on a global basis.

It applies to all businesses that take credit and debit cards, regardless of size or transaction volume. Any business involved in the storage, processing and/or transmission of payment card numbers must comply.

The fallout of non-compliance has a domino effect on your business, as the financial implications of a breach can destroy customers of any size. You can mitigate risk by maintaining compliance and providing verification and certification as required by the industry. By following the standardised PCI DSS procedures, you can:

1. Protect your customers’ personal data

2. Boost customer confidence through a higher level of data security

3. Insulate your organisation from financial losses and remediation costs

4. Maintain customer trust and safeguard the reputation of your brand

Learn more about our products to help you achieve PCI Compliance  

Welcome to Secured by Elavon

As a new customer, your business is automatically enrolled to Secured by Elavon. This enables you to get your PCI DSS compliance certification, as well as manage your ongoing compliance programme. 

Your business keeps you busy enough, so you might prefer to save time and let Elavon manage your PCI Compliance for you. If you do, then Secured Pro is the right option for you.

Secured Pro, managed by Elavon, offers you enhanced protection against fraud and payment security breaches, making sure your business looks after its customers and its reputation. Whether you’re signing up for the first time or renewing, Secured Pro means we manage your compliance process for you, contacting you when an action is due and working together to complete it successfully. No more worrying about your certification expiring or your fraud processes not being up to scratch.

What’s more, with Secured Pro you also benefit from our PCI Waiver Programme. Depending on your level of PCI compliance, liability for fines may be waived. 

Secured Pro in detail

A non-compliant payment processing environment is susceptible to a security breach, such as a hacker stealing your customers’ payment card information. Secured Pro includes a range of scan checks that ensure your payments processing environment keeps the bad guys out and protects your business against the potential risk of fraud:

Network Perimeter Scan

This scan assesses the security position of your internet-facing systems for any vulnerabilities, providing you with a report that identifies possible entry points so that you can close them up.

Device Security Scan

Protect your computers and mobiles with this scan - it detects any stored customer card information and analyses the system for any current cyber-threats, viruses and malware for peace of mind that your devices are vulnerability free. It's possible to scan one or thousands of devices in seconds.

Cardholder Data Scan

Protect your computers and mobiles by running this scan. It helps you find and remove any unencrypted credit card numbers on your network. By identifying where you store payment card data you can securely remove it, dramatically reducing the scope of your PCI DSS assessment.

Antivirus Protection

Fight the hackers and ensure your devices are not infected with viruses and other malware, which can disrupt and potentially damage your business.

PCI DSS External Vulnerability Scan

A quarterly scan of all IP ranges and domains to identify any areas of weakness.

POS Application Discovery Scan

It's important to regularly check and verify your point-of-sale (POS) application against the PCI Security Council list of approved POS Applications to ensure your compliance.

      Guide to PCI DSS by Elavon             

Frequently asked questions

  • To make the process of becoming PCI DSS compliant as easy as possible, we have developed a simple three-step process to get you certified.

    Step 1 – Register at elavonsecuritymanager.com

    You’ll receive two login emails from Secured by Elavon with your username and password for registration.

    Elavon Security Manager   

    Step 2 – Complete PCI DSS questionnaire

    Once registered, you will be guided through the compliance validation process to achieve certification straight away, certainly no later than 90 days from the date your account is opened to avoid the PCI non-compliance fee.

    Step 3 – Receive PCI DSS certification

    After successfully confirming your business is processing card payments in a secure manner, we will send you your PCI DSS certification.

    Benefits of becoming PCI compliant:

    • Keeps your customer card data secure to industry regulations
    • Reduces the risk of card fraud
    • Avoid non-compliance fees, as you no longer pose a risk
    • Avoid reputational damage in the event of a breach
  • The Payment Card Industry Data Security Standards (PCI DSS) is a set of requirements for enhancing payment account data security.

    These standards were developed by the PCI Security Standards Council, which was founded by Visa®, MasterCard®, JCB®, Discover® and American Express® to facilitate industry-wide adoption of consistent data security measures on a global basis.

  • Yes. Regardless of size, all businesses that store, process or transmit cardholder data must comply with the PCI DSS. The requirements apply to all acceptance channels including retail (bricks and mortar), mail/telephone order (MOTO) and eCommerce.

    Data security is vital for any business that accepts credit and debit card payments, especially for small business merchants, which make up 91% of those affected by a data breach. This is an industry-wide problem, which the PCI DSS was designed to combat. No business is without risk.

  • The PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures is intended to proactively protect customer account data.

  • No. Merchants have been advised to take the PCI Self-Assessment Questionnaire (SAQ) to identify potential security risks in order to achieve PCI compliance since 2010. The framework of the PCI Data Security standards is not new and has been required in different forms for some time now and continues to evolve.

  • All entities, merchants and service providers that store, process or transmit cardholder data must meet PCI DSS requirements. Requirements for certification vary, depending on the number of transactions an entity processes and the manner in which they are processed.

  • Elavon has partnered with leading PCI DSS compliance service providers to help you evaluate the status of your account, to assist with any necessary remediation efforts and to certify your account's PCI compliance.

    If you have any queries regarding your merchant account or general PCI questions, please contact Elavon Customer Service: +44 (0) 345 850 0195 (select 'Option 2').

  • No. There are many qualified security assessors (QSAs) and approved scanning vendors (ASVs). You are free to choose to certify with any vendor you like. If you choose to use a third-party QSA/ASV, you must upload your compliance certificate via our PCI portal.

  • If you do not comply with the security requirements of the card associations, you put your organisation at risk of payment card compromise. You will also be liable for the cost of the required forensic investigations, fraudulent purchases and the cost of re-issuing cards. You may also lose your credit card acceptance privileges.

    Elavon might impose additional fees for each month that your account has not been validated as PCI compliant or in any given month your account is deemed non-compliant. You must maintain your compliant status once it is obtained in order to prevent this fee in the future.

  • The minimum requirement for a level 4 merchant is to complete a PCI DSS Self-Assessment Questionnaire (SAQ) on an annual basis and achieve a passing score. If you electronically store cardholder information or if your processing systems have any internet connectivity, a quarterly network vulnerability scan by an approved scanning vendor is also required.

  • It depends how complex your card handling environment is, but on average completion takes 20 minutes. 

  • A vulnerability scan is an automated, non-intrusive scan that assesses your network and web applications from the internet (on the external-facing IPs).

    The scan will identify any vulnerabilities or gaps that may allow an unauthorised or malicious user to gain access to your network and potentially compromise cardholder data. The scans will not require you to install any software on their systems, and no denial-of-service attacks will be performed.

  • For merchants who require quarterly scans, any associated cost will be built into the price quoted upon in our PCI Programme. If additional IP addresses are added to your business between scans, there may be additional costs.

  • If you fail the network vulnerability scan, this means that the scan discovered areas of vulnerability in your network of high severity. These vulnerabilities should be remediated and another scan should be performed to ensure there are no further vulnerabilities. We will help guide you to remediate a failed scan and work toward achieving compliance.

    First, you will want to login to our PCI Portal to review the scan results. The report will provide a description of the identified issues and resources to begin fixing the problems. You will need to address each of the problems and then schedule a directed scan to ensure your remediation of the problem meets the PCI DSS.

  • As part of becoming PCI compliant, you may be required to upgrade your equipment and/or software to a PCI DSS certified version. You must contact your equipment and/or software vendor to discuss what options may be available and the costs associated with those options, if any. The cost associated with any equipment and/or software upgrade will not be covered by Elavon.

  • If your business locations process under the same tax ID, location address and IP addresses, you are only required to certify once for all locations. Please contact our customer assisstance team via 'Contact Details' on the PCI Portal. If your business locations have different tax IDs, you will need to certify once per tax ID, location address and IP address.

  • The length a PCI compliance certificate is valid depends on whether your business requires a questionnaire or scan.

    If your business only requires the annual questionnaire, PCI certification is valid for one year. If your business requires quarterly scans, PCI certification is valid for three months, at which time your next quarterly scan will be due.

    If you change the manner in which you store, process or transmit cardholder data, you may increase the vulnerability of your business and you must contact your PCI portal customer assistance team for re-certification.

  • If you have been PCI DSS certified within the past several months, through another approved scan vendor, please submit all of your certification documentation to us so that we know that your account is currently PCI compliant. Access our PCI Portal and upload your PCI certificate.

  • If time isn’t on your side, for an extra £5 per month you can opt to hand the PCI compliance process over to us to manage for you.

    Secured Pro offers a dedicated account management and enhanced protection against fraud and payment security breaches including:

    • A committed team to help you through the certification process
    • Notifications to when you’re due for renewal or need to action anything – no need to remember dates and details
    • Extensive system security scan checks to find any vulnerabilities
    • If you are breached and compliant, you will have access to our PCI waiver programme to cover any costs (depending on your level of PCI compliance)

    For more information, visit: www.elavon.co.uk/securedpro  

Let's talk - we're here to help

Customer Services

UK: 0345 850 0195

You can call us 24/7, 365 days a year. Please have your Merchant ID (MID) number ready whenever you call us.

Get in touch