Getting started with SiteLock PCI compliance service


The Payment Card Industry (PCI) Data Security Standards are a set of requirements designed to help guarantee that companies that process, store, or transmit credit card information maintain a secure environment. SiteLock’s PCI Compliance service is fully certified.
 
To use SiteLock’s PCI service, you must have SiteLock service for your Winhost account. To order SiteLock, see: Getting Started with SiteLock.

Once the order has been processed, go to your SiteLock dashboard and click the "PCI Compliance" link in the Scan Type column.
 
 
Winhost SiteLock PCI Dashboard
 

You will be taken to the Merchant Contact Information window.  Enter your Merchant contact information.
 
 
Winhost SiteLock Merchant Page
 
 
 
Click "Submit," then click the "Save and Confirm" button (if you do not have all the Merchant contact information on hand, you can click "Save as Draft")
 
PCI configuration consists of three different steps. However, depending on how your profile is setup, you may be presented with an additional step.  The steps are "Profile phase," "The Scanning," "The SAQ (Self-Assessment Questionnaire)" and "the Attest phase."
 
This is a view of the PCI Compliance phase without the Scanning.
 
 
 
Winhost SiteLock PCI Compliance
 
 
 
A view of the PCI Compliance phase with Scanning.
 
 
SiteLock PCI Scanning
 
 
 
How to setup the Scanning
 
Click the "Scanning" flag to configure your Scan options.
 
 
SiteLock PCI scan
 
 
You can schedule when the scan will run. For the Domain/IP field, you will need to log in to your Winhost Control Panel and go to Domains Manager to verify the IP address associated with your site.  For more information on your Winhost DNS record, see: How to update DNS zone records.
 
 
SiteLock PCI schedule scan
 
 
If your scan fails you can click the "Review Scan" button to obtain documentation on the latest scan.
 
 
SiteLock PCI scan
 
A failed scan can be marked as False Positive and submitted to the Scanning company for rescanning.
 
SiteLock PCI review scan
 
 
SiteLock PCI marked False Positive
 
 
 
Once any False Positives have been approved you can Attest the Scan and SAQ for the final step.
 
 
 
SiteLock PCI attest step
 
Once 'Attested' you will get an email notification and you can log into your SiteLock PCI dashboard to download the required documents to be submitted to your processor.
 
 
SiteLock PCI download documents for processor
 
 
Note: the Self-Assestment Questionnaire (SAQ) can vary based on your Profile. All questionnaires must be answered completely for PCI verification.