Help Centre

Support > Website Security > PCI-DSS Compliance

PCI DSS Compliance With Create Payments

If you're an existing Create Payments customer, there are several ways to achieve PCI DSS Compliance. As the gateway is powered by Worldpay, you are eligible for their SaferPayments Service or you can provide ceritification if you're already compliant. 

What is SaferPayments?

The SaferPayments service offered by Worldpay is designed to help “simplify the compliance process and protects your business with our PCI DSS compliance management programme". 

The service itself offers: 

  • Access to web-based SaferPayments portal
  • Pre-population of up to 90% of your PCI DSS self-assessment questionnaire (SAQ) if using certain Worldpay products
  • Ability to schedule quarterly PCI DSS external vulnerability scanning (if applicable)
  • Telephone, email and chat support 6 days a week
  • Periodic email reminders about maintaining compliance
  • PCI DSS certificate of compliance (if compliant) 

How much does SaferPayments Cost? 

The SaferPayments service costs £4 per month and is debited once a month from your settlements, displaying as an 'Admin Fee'. Worlpday also offer a SaferPayments Plus Service which has addiotnal features to the standard service for a cost of £10 per month. However, in most cases, we recommend opting for the standard SaferPayments service as it as most of the additional features of SaferPayments Plus are already covered by Create. 

How do I apply for SaferPayments? 

After you sign up to Create Payments, as the gateway is powered by Worldpay, they will contact you within a month to giving you the chance to assert your PCI DSS compliance or certification, or to sign up to their SaferPayments service.

There are two ways to apply for the SaferPayments service. The first way is to contact Worldpay's SaferPayments team on 0330 808 0663 (charge may apply) and they will guide you through the process. You will need to quote your Create Payments Admin Code when you contact them and state that you would apply for the standard SaferPayments option (£4 a month) and not the SaferPayments Plus option (unless you specifically want to apply for this). If you do not know your Admin Code, please get in touch with your Account Manager and they will be able to provide it for you. 

Once verification is complete, Worldpay will ask you if you know what  PCI-DSS Self-Assessment you need to complete. If you just use the Create Payments gateway, this will most likely be the SAQ type A questionairre. Depending on what other payment gateways and/or payments you take, this may change - see here for more info. You will then be asked the relevant questions from questionairre in order to ascertain compliance. 

The second option is that you can log into their SaferPayments portal, by visiting the login page here. On the initial email you receive from Worldpay about SaferPayments (as mentioned above), it should display your Merchant ID in the top right hand corner of the email - this forms part of your login details for the SaferPayments portal. It's unlikely that you will know your password but you can select the Live Chat support option on the login page and and they will help you retrieve your login details. Alternatively, you can contact their SaferPayments support team on 0330 808 0663 (charge may apply). 

Once logged into the portal, you will then complete the relevant questions based on what compliance you require and compliance will be ceritifed, pending the requirements are met. If you do require any help with the question on the assessment, you can get in touch with the Worldpay SaferPayments team or alternatively, get in touch with your Account Manager and they will assist where they can. 

I’m already compliant, what do I do?

If you already have a ceritification of compliance from a third-party, you can provide this to Worldpay to certify your compliance without going through the SaferPayments service. You can do this by logging into the portal and uploading your certificate or contact the SaferPayments support team on 0330 808 0663 (charge may apply) for further assistance.

Please note that you will be required to assert your compliance on an annual basis as per legislation.

What will happen if I am not PCI compliant?

With Create Payments, Worldpay will give you 60 days to confirm your compliance. In this time you can either become certified through SaferPayments or by uploading your own certificate. 

If after the 60 days you haven’t been able to assert this, a monthly fee of £15.00 will be charged to you for each month that you are not PCI compliant. This fee is in place as your business is considered to be higher risk.

As soon as you can demonstrate that you are compliant with PCI DSS the monthly charge will be stopped and no longer apply to you. This is where SaferPayments can help you become certified quickly and easily with their programme.

Please note: We would always recommend seeking professional advice when it comes to legislation and legal requirements for your business.

More Questions?

If you have any further questions, please get in touch and we will be happy to help.

Get in Touch