Skip to main content
Skip table of contents

How to Verify Your PCI Compliance


If you are required to verify your PCI compliance you will receive an email from SecurityMetrics to complete your PCI certification. This email will be sent:

  • After the first credit card transaction is processed through your merchant account
  • Annually after completing your PCI certification

You will be unable to complete your PCI Compliance through SecurityMetrics until you receive this email.

We legally cannot provide you with any answers to the questions on your scoping assessment or SAQ. You must answer the questions to the best of your knowledge.

We recommend you consult your organization’s legal counsel if you need assistance answering these questions.

Step 1: Receive the Email

Watch for an email from enroll@securitymetrics.com with the subject Action Required: Please Start Your Annual PCI Validation.

Note the email address to which this emaile was sent.

If you believe you should have received a notification and have not yet received one, please contact CDM+ support.

Step 2: Sign Up

To sign up, go to https://www.securitymetrics.com/pcidss/paragon.

Click on the “Sign Up” button.

Create an account using the email address from step 1.

Verify the account by clicking on the confirmation email link (in your email inbox).

Read and accept the Terms of Use.

Step 3: Get Started

Click on the Get started with PCI link under the To Do list.

Identify Your Account

This should read Paragon Payment Solutions.

If you have another merchant account that is not through Suran Systems, Inc., this process does not apply to that merchant. Contact that processor to complete their PCI compliance separately.

Click Next.

Customer Information

Make sure your contact information is correct. Click Next.

Step 4: Scoping Process

The follow questions cover the SecurityMetrics Scoping Process which will determine your Self Assessment Questionnaire (SAQ). Please choose the answer that best describes how you handle credit card information.

Please note that Suran Systems, Inc. does not store any credit card information. We simply pass it along to Paragon Payment Solutions.

If CDM+ is the only way you accept credit card gifts and payments, none of it goes through your website, it only goes through us.

Select your credit card processing method and then click Next.

At this time the only mechanisms to provide credit card information to your merchant account through CDM+ is considered e-Commerce.

Select Yes or No.

Select Yes or No.

Please note that information that passes through CDM+ Engage is not entered directly on your website.

Select Yes or No. Contact your web developer if you are unsure.

Select Yes or No.

Please note that information that passes through CDM+ Engage is not entered directly on your website.

This area is asking if you would like to be contacted by SecurityMetrics for further assistance. This step is optional. Make a selection and then click Next.

Answer the remaining questions to the best of your knowledge to complete the Scoping Process.

Based on your responses, Security Metrics will direct you the appropriate self-assessment questionnaire (SAQ) for your organization. The most common version is the SAQ-A, which is covered in the next section.

If you need to complete a different SAQ we recommend you research and review the scope of PCI compliance and consult your organization’s legal counsel for additional guidance.

Step 5: Completing the SAQ-A

Click on Activate and Continue to begin.

Please remember that this is a self-assessment questionnaire.

  • Suran Systems, Inc. cannot answer these questions for you.
  • There is no audit of the answers.
  • This is a testament that you are following best practices.
  • Simply answer these questions to the best of your knowledge.

If you have more questions, we recommend you research and review the scope of PCI compliance and consult your organization’s legal counsel.

Policy Section

You will see green dots at the top of the page. As you complete each section its dot will turn green. To your right you will see short videos explaining how to complete this section.

Answer these questions to the best of your knowledge.

Physical Access Section

Answer these questions to the best of your knowledge.

These answers may be pre-populated based on your responses during the scoping process.

Unique ID Section

Answer these questions to the best of your knowledge.

Vendor Defaults Section

Answer these questions to the best of your knowledge.

Development Section

Answer these questions to the best of your knowledge.

Accept Cards Section

We recommend putting Suran Systems, Inc. under both Web Host and Co-Host.

Suran Systems, Inc is not technically a web host nor a co-location provider, we are processing application. However, the SecurityMetrics form only offers choices for web hot and co-location provider, so we recommend you enter both.

Step 6: Assessment Completion

Click I Agree to complete your assessment.

Step 7: You’re Done!

Once you’ve completed your assessment, you are PCI certified. You can download a copy of your responses for your records.

If you are unable to achieve certification, a non-compliance fee will be assessed until you can obtain certification. Contact support for information about this fee.

The PCI certification process will renewed annually. If you need to change the contact information for this process, please contact support.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.