VikingCloud is a cybersecurity and compliance company that specializes in helping businesses achieve and maintain Payment Card Industry Data Security Standards (PCI DSS) compliance. Their services are particularly aimed at small and medium-sized businesses, which often face significant challenges in navigating the complexities of PCI compliance.

Please log into the VikingCloud portal at https://pci.securetrust.com/cardpointe to become PCI compliant. 

PCI Compliance is not required for processing transactions with Fiserv (CardPointe.com) but it is important for security and to avoid the monthly non-compliance fee.

When enrolling please make sure to use the company name and merchant number. For liability reasons Sweep&Go or Fiserv reps are not allowed to assist with the PCI Compliance process. If you have any questions regarding PCI Compliance please reach out to VikingCloud directly at (877) 257-0239 and they will walk you through the scan/questionnaire.

You may also reference to their merchant guide VikingCloud Merchant Guide 4.0 

The following background information may be helpful when completing the self-assessment questionnaire or speaking with the VikingCloud rep: 

  1. Can your customers make card payments via a Pay By Link solution (a secure payment link is sent to the customer to allow them to make a payment)
    • No, unless you’re planning to install 1x payment WordPress plugin on your website
    • If you choose yes, next question is Your Pay by Link solution provider where you may enter Sweep&Go
  2. Is your Pay By Link solution provider PCI DSS compliant for the services they provide to you?
    • Enter “Yes”, since Sweep&Go is PCI compliant
  3. Pay by Link Only
    Is pay by link the only method that your customers can use to pay by card

    • No
  4. Your ecommerce URL(s)
    • Enter your website url and sweepandgo.com
  5. Where is your e-Commerce website hosted?
    Do you use a third party hosting company, e-Commerce platform provider, software as a service (SaaS) platform provider to host your e-Commerce website?  

    • Yes
  6. Your e-commerce website payment page
    Does your website (online store, shopping card, ordering page etc) rely on a third payment service provider (or payment gateway or processor) to host the payment page/form/fields requesting input of the customer’s payment card data?

    • Yes, my website embeds a third party service provider’s hosted payment form or fields(e.g. An iniline Frame or iFrame ) that my online customers enter their payment card details into
  7. Your website package or shopping cart provider
    • Enter Sweep&Go and click on Add New
  8. Your payment gateway/processor

    • CardConnect
  9. Does anyone in your organization send or receive full card numbers via emails or instant messaging?  
    • Choose Yes, if your clients provide you their CC information in any way (call included)
  10. Managed system component providers
    •   Cardpointe, Sweep&Go

12. Other Third Party Service Providers that may impact cardholder data security
Do you have a relationship with one or more third party service providers that could impact the security of your company’s cardholder data environment?

    • No

13. A summary of how and where you handle card payments

    • Online through Sweep&Go

14. How and in what capacity does your business store, process and/or transmit cardholder data?

    • Managed by Sweep&Go (If not processing payments outside Sweep&Go)

15. Provide a high level description of your overall business environment, applicable to your PCI DSS assessment. For example, describe the type of equipment you use for card processing, storage and transmission, such as POS devices, any databases and web servers, and include a description as to how they connect both externally and internal connections.

    • Managed by Sweep&Go

16. How do you accept online e-commerce customer card payments?

    • My customers make online payments to my business via a website accessed using a web browser

17. Is your entire online payments e-Commerce website fully managed, operated and maintained by a third party? This means you have completely outsourced all operations in relation to your online payments e-commerce website.

    • Yes

18. Is ASV scanning performed by your ecommerce website provider? .
Can you verify or provide proof that your ecommerce package provider is performing vulnerability scanning on your website on at least a quarterly basis, in accordance with the ASV program guidelines, for the purpose of maintaining PCI DSS compliance?

    • Yes