For merchants not processing credit cards using ShopKeep Payments, contact your merchant services provider for assistance.

PCI Security Self-Assessment

The Payment Card Industry (PCI) requires all merchants to meet certain data security standards when running credit card sales to avoid penalty. ShopKeep Payments merchants can follow the steps below to learn how to complete a PCI self-assessment to ensure that each location is compliant.

For help with the Self-Assessment Questionnaire or other PCI related questions, contact Clover Security Support via email at support@compliance.clover.com, or call at 866-957-1807.

Table of Contents

Registration

All ShopKeep Payments account holders will receive an email notification regarding the PCI compliance updates which will be used to complete registration.

  1. Open the pre-registration email from ShopKeep Payments.

    The pre-registration email is sent from notifications@compliance.clover.com with the subject line “Welcome to your PCI DSS Program”.

  2. Click the provided link in the email, or visit www.cloversecurity.com.
  3. Click ‘First sign-in’.

    Having trouble logging in? Click on ’Forgot username’ or ‘Forgot password’, or contact Clover Security support at 866-359-0978.

    Click to Enlarge
  4. Enter your 15 digit Merchant Identification Number (MID) and the verification text, then click ‘Register’.

    Your Merchant Identification Number can be found in your ShopKeep Payments welcome email.

    Click to Enlarge
  5. Click ‘Start business profile’.

    Watch the video to learn more about PCI Data Security Standard.

    Click to Enlarge
  6. Confirm that the information for your business is correct, then click ‘Next’ to complete registration.

    If any information needs to be updated, email ShopKeep Payments Support at paymentssupport@shopkeep.com.

    Click to Enlarge
  7. You will automatically be directed to the PCI Self-Assessment Questionnaire. Follow the steps below to learn how to complete it.

PCI Self-Assessment Questionnaire

The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool to confirm that your business locations are compliant with data security standards.

For help with the Self-Assessment Questionnaire or PCI related questions, contact Clover Security Support via email at support@compliance.clover.com, or call at 866-957-1807.

You must complete a questionnaire for each location.

  1. Select 'Face to Face' for how credit cards are accepted at your business, then click ‘Next’.

    ShopKeep merchants must select ‘Face to Face’ even if you also accept online payments.

    Click to Enlarge
  2. Select the device(s) used at your business to accept card payments then click ‘Next’.
    • For an iPP320, iPP350, iCMP, Link/2500, or QuickBooks Bluetooth card reader, go to step 2a below.
    • For a Clover device such as the Clover Go or the Mini, built by Clover, go to step 2b below.
    • For an iDynamo credit card swiper, go to step 2c below.
    a Select ‘I use an integrated/electronic Point of Sale (iPOS/ePOS) system (a POS computer system running a payment application that includes an attached or integrated card reader device)’ then click ‘Next’ and continue to step 3.
    Select this option if you use an iPP320, iPP350, iCMP, Link/2500, or QuickBooks Bluetooth card reader.
    Click to Enlarge
    b Select ‘I have a Clover device’ then click ‘Next’.
    Select this option if you use a Clover Go, The Mini, built by Clover, Clover Flex or Clover Station.
    Click to Enlarge
    Select the Clover device(s) used at your business, click ‘Next’, then skip to step 7 below.
    For this example, we will select ‘Clover Go’.
    Click to Enlarge
    c Select ‘I use a mobile (smartphone, tablet etc) device to accept face to face payments’ then click ‘Next’.
    Select this option if you use an iDynamo credit card swiper.
    Click to Enlarge
    Select ‘Yes’ for the first and second questions, ‘No’ for the third question, then click ‘Next’.
    The iDynamo is a plug-in credit card swiper that is used with the ShopKeep app on an iPad. With ShopKeep, the iPad is not used to access a virtual terminal.
    Click to Enlarge
    Select ‘I confirm’, click ‘Next’, then skip to step 7.
    Click to Enlarge
  3. Select ‘Yes’ and click ‘Next’.

    Point-of-sale hardware from ShopKeep is loaded with approved point-to-point encryption.

    Click to Enlarge
  4. Select ‘Yes’, then use the search bar to find and select ‘FreedomPay’, then click ‘Next’.

    Using a Clover device? Skip this step.

    Click to Enlarge
  5. Use the search bar to search for and select the device(s) you use to run credit cards, then click ‘Next’.

    For this example, we will select ‘Ingenico Link/2500’.

    Click to Enlarge
  6. Select ‘No’ and click ‘Next’.

    ShopKeep does not store, print, or report the full card number, only the last 4 digits.

    Click to Enlarge
  7. Select ‘Yes’ or ‘No’ for each question, and click ‘Next’.

    ShopKeep does not support or facilitate sending or receiving card numbers.

    Click to Enlarge
  8. Select the option that best describes the Information Security Policy you have in place for your business and click ‘Next’. If you do not currently have a policy in place, click ‘Download’ to download a policy template to use.

    For this example, we will select ‘I already have an Information Security Policy in place…’.

    Click to Enlarge
  9. Click ‘Download your free security guide here’ to download a security guide, check both boxes, then click ‘Next’ to complete your business profile.

    Please read the security guide, which covers key security points you need to be aware of as part of your commitment to data security.

    Click to Enlarge
  10. Click ‘Manage’ under ‘Complete security assessment’.

    The number of questions required to complete the security assessment may vary based on the card reader being used at your location. If you use an iDynamo credit card swiper, answer ‘Yes’ for all questions.

    Click to Enlarge
  11. Click ‘Yes’ for question 3.1(a).

    After a credit card transaction has been completed in the ShopKeep Register app, only the card type and last 4 digits of the customer card number is retained. No other data is stored in ShopKeep or on card reader devices.

    Click to Enlarge
  12. Click ‘Yes’ for question 3.1(b).

    The ShopKeep Register app does not store any cardholder data that would later need to be deleted.

    Click to Enlarge
  13. Click ‘Yes’ for question 3.1(c).

    The ShopKeep Register app does not store any unnecessary cardholder information and does not retain cardholder data any longer than required.

    Click to Enlarge
  14. Click ‘Yes’ for question 3.1(d).
    Click to Enlarge
  15. Click ‘Yes’ for question 3.1(e).
    Click to Enlarge
  16. Click ‘Yes’ for question 3.2.2.

    Credit card verification codes are not stored in the ShopKeep Register app or shown on receipts.

    Click to Enlarge
  17. If prompted with additional questions, continue to answer each question according to common practice within your business.
  18. After answering all questions, click ‘Next’.
    Click to Enlarge
  19. Review submitted information by clicking the drop-down arrow for each section, confirm all provided information is accurate, then click ‘Confirm your Attestation’.
    Click to Enlarge
  20. PCI self-assessment is now complete. If any information in ‘Your business profile’ or ‘Complete security assessment’ needs updating, click ‘Manage’ for the relevant section to re-answer questions.
    Click to Enlarge
  21. (For multi-location merchants only) Repeat steps 1 - 19 to complete a questionnaire for each additional location.

Need Help?

If you have any issues during the security assessment or questionnaire, or if you would like to learn more about additional Clover Security solutions, contact Clover Security Support at 866-957-1807 or support@compliance.clover.com.


  • Help us improve ShopKeep Support. Was this article helpful?
  • YES   NO