POS SOLUTIONS

PCI-DSS compliance is mandatory for all merchants processing credit card transactions. This guide will navigate you through the first step of your compliance journey - determining your SAQ type through the merchant profile questionnaire. The question path changes depending on various factors, such as how you accept payment cards, what gateway and/or encryption technology, and what payment devices are used.

Because of this, the guide is separated into questions that may or may not be presented depending on the previously stated factors. Remember that the questionnaire can be paused with answers saved or re-submitted anytime. For your convenience you will find a list of questions below - click on any one of the questions to jump to the corresponding explanation and guidance on the correct answer for your business.

Some questions are fixed with predefined answers to Revel Systems users, and some will vary depending on the nature of your business. If you have any additional questions or concerns, please do not hesitate to contact risk-payments@revelsystems.com.

Contents

• Starting the questionnaire
• Questions for all Revel Advantage XT merchants

Starting the questionnaire

To begin your merchant profile questionnaire, click the Start business profile button.

Check the I understand box and click Next on this screen to continue.

• If your payment processing account has been boarded recently, or you have previously completed PCI compliance via Saferpayments, choose the first option.
• If you already have a valid AOC, please choose the second option.

Questions for all Revel Advantage XT merchants

How do you accept payment cards?

• Face-to-face should be selected by all merchants taking in-store payments, except in cases where the merchant processing account is e-commerce only.
• Online payments should only be selected if:
  • The profiled merchant processing account is using Revel Online Ordering.
  • The profiled merchant processing account is e-commerce only.
• Mail or telephone orders should only be selected if you are taking credit card payments over the phone.

How do you accept online e-commerce customer card payments?

• Choose the first option if you are using Revel Online Ordering XT, Revel Smart Pay, or another e-commerce payment tool that works via a web browser.
• Choose the second option if you have a phone application for taking online payments.

Your payment software provider

Click add your own.

Type Revel Systems in the additional text box and click Next.

How you accept card payments

• Choose I use a countertop Point of Sale if you are using a wired card swipe. Models include:
  • Lane 3000
  • Lane 3600
  • iPP350
• Choose I use an integrated device if you are using a wireless card swipe. Models include:
  • ISMP4
  • Lane 2500
  • Moby 5500
• Choose I use the browser-based Merchant Dashboard or Portal if you use the Revel Merchant Portal to process telephone orders
• Choose I use a browser-based payment page accessed via my Partner’s software platform if you process manual transactions on the POS (entering full card information on the POS screen)

Payment terminals in use

Select the payment terminal models that you are using in your establishment.

The only payment terminals Revel merchants can use are:

• Ingenico iPP350
• Ingenico ISMP4
• Ingenico Lane 3000
• Ingenico Link 2500
• Ingenico Moby 5500
• Ingenico Lane 3600

Use of wireless networks

Choose No because Revel Systems does not sell card swipes that could be used with a SIM card.

Remote access

The answer is No as Revel cannot access any Cardholder Data Environment (CDE) nor does the platform allow you to access this data.

Printed paper receipts and reports

Choose No as merchants processing with Revel Advantage cannot view full card numbers.

Other use of card numbers

For both questions - Merchants should operate in such a way that the answer is always No by default.

Third-party managed system service providers

Choose Yes as Revel Systems is a SAAS provider.

Managed system component providers

Other third-party service providers that may impact cardholder data security

Revel Advantage does not allow merchants to view or otherwise interact with sensitive parts of the CDE, so the answer should be No unless you are using a 3rd party e-commerce platform that does have access to sensitive information, in that case, please consult with your 3rd party vendor on their level of access to the CDE.

Password policy

Merchants should operate in such a way that the answer is always Yes by default.

Do you use an internal security assessor for your PCI DSS?

Choose the answer that applies to your business. Revel Systems is not an ISA. The most common answer is No unless you are using a third party.

Support from a PCI-qualified security assessor

Choose the answer that applies to your business. Revel Systems is not a QSA. The most common answer is No unless you are using a third party.

List your business premises type(s) and a summary of locations that are relevant to your PCI DSS assessment

Describe your business vertical type and location where card payments are taken.

• Examples:
  • I own a pizza shop that has a retail storefront on public street.
  • I own a bakery kiosk inside a mall.

How and in what capacity does your business store, process, and/or transmit cardholder data?

Merchants should operate in such a way that the following statement could be used.

• Examples:
  • My business takes payment only in-store through the Revel POS and does not store any cardholder data in any shape or form.
  • My business accepts payments both online and in-store. Our platform providers do not store data and neither do we.

Provide a high-level description of your overall business environment, applicable to your PCI DSS assessment

An example: My business uses ingenico encrypted swipes to collect payment and sends it to the POS for fulfillment of the order.