PCI validation guide (TransFirst)

Was this article helpful?
16 out of 17 found this helpful


If you want to know more about PCI before you begin, read our PCI FAQ or go directly to the Compliance 101 site.

  • This process will need to be completed for each merchant account or location that you have.

Before starting your Payment Card Industry (PCI) Compliance through ControlScan, you will need your merchant ID—it is a 16-digit number that you can locate on each statement you receive from MINDBODY Processing, beginning with the numbers 54368455.

Please also note that it may be helpful to review the information below before starting your assessment to familiarize yourself with what may be asked. 

PCI validation process: 

The questionnaire involves six sections: 

  1. Enrollment
  2. Self-Assessment Questionnaire
  3. Eligibility
  4. PCI Self-Assessment Questionnaire (SAQ)
  5. Acknowledgement
  6. Compliance

Each section is specific to your business based upon your merchant type and processing environment.

Getting Started

Once you have your Merchant ID, follow the below link to the PCI Wizard and click Get Started.

Click Here to Start 

Login information:

  • Username: Your 16-digit Merchant ID
  • Password: compliance101

You will be walked through a validation process, including a verification email and setting up security questions. Once you finish answering these questions you will be able to move forward to Step 1.

Note: As of Jan 2016, Microsoft Internet Explorer 8, 9, and 10 are no longer supported for completing PCI. Using these browsers may cause you to fail your compliance. Please use a different browser or upgrade your browser to IE 11 or Microsoft Edge.

1. Enrollment

  • Verify your business information in the Company Profile section.
  • Select merchant type that best applies to your business. If you don't find a category you feel fits your business, you can also select: 


 If you swipe credit cards through your MINDBODY software


 If your clients purchase items or make payments through your online store

 Mail/Telephone Order 

 If you primarily key in credit cards rather than swipe


2. Self-assessment questionnaire (SAQ) profile

If you process ALL payment card sales through MINDBODY:

  • You are a Virtual Terminal/Transaction Central/Transaction Express (TXP).
  • The sections "Payment Terminal," "POS Software," "Shopping Cart," and "Phone/Paper" will not apply to you.

Under "Virtual Terminal," you will be prompted to select "Manual," "Card Reader," or "Encrypted Card Reader" based on how you run transactions through your software. Just select the method you use most often.


 If you are running autopays and/or keyed transactions 

 Card Reader 

 If you are swiping credit cards through MINDBODY

 Encrypted Card  Reader  

 Do not select this option; it does not apply to transactions completed in the  MINDBODY software.


For typical MINDBODY customers that only process payments through MINDBODY, you will reply "no" to the following:

Questions Answer Explanation

Electronically store credit card numbers


All electronic payment card data is stored at MINDBODY, not on your computer.


3. Eligibility

You will read, verify, and agree to the eligibility statements presented in order to take the correct Self-Assessment Questionnaire. 

Answer as best as you can and if you are unsure how to answer, call ControlScan at 800.571.3928 for more details or to explain your situation and get advice on how to answer.

4. PCI self-assessment questionnaire

This section is specific to your operating system. MINDBODY does not control the merchant environment and cannot speak for what the merchant may do on their own system, so each merchant must respond to "Requirements" based on how they use their system.

  • You will need to click on each Requirement and respond to each question.
    • Click the help icon (blue question mark) if you do not understand the question.

MINDBODY is a PCI Compliant Level 1 Service Provider. If you only use MINDBODY to process and store credit cards, and not another service provider, the network and software requirements listed in the Payment Card Industry Data Security Standard are taken care of. 

Most MINDBODY customers limit cardholder data to their virtual terminal, enabling them to respond favorably to items under Requirement 3, relating to protecting stored cardholder data.

  • Once you’ve completed all requirements, click on Next on the bottom-right section of the screen

If you need assistance during the process, or have specific questions, please contact ControlScan at: 800.571.3928, or use the chat or email function found on the top right of the ControlScan portal. Hours of Operation: Monday-Thursday: 08:30 A.M. to 08:00 P.M., Friday: 08:30 A.M. to 06:00 P.M.


5. Acknowledgement

  • Your last step is to confirm 6 final statements, and complete the “Attestation” section. 
  • Once complete, click on Next in the bottom-right corner. 


6. Compliance!

“Green light” status illustrates you are now PCI compliant.

"Red Light" means that you are not yet compliant; there should be “Next Actions” for you to take if you see a red light.


Note: If you have a questionnaire Type C, you will be prompted to setup a required scan of your network. If you need assistance, please contact ControlScan at 800.571.3928.


Powered by Zendesk