PCI Compliance 2025

Modified on Tue, Dec 2 at 2:47 PM


Overview

IDEXX Petly Plans cannot provide PCI Letters of Compliance directly, but we can guide you through the process.
Your practice is responsible for completing its own PCI compliance assessment for each credit card Merchant ID (MID).

Important: IDEXX Petly Plans is not your Merchant Service Provider (MSP). Your MSP handles PCI notifications and provides access to the PCI attestation portal.


Who Does What?

  • Your Practice: Completes PCI Business Profile & annual security assessment.
  • Merchant Service Provider (MSP): Provides PCI portal and compliance tools.
  • IDEXX Petly Plans: Offers guidance and best practices.

Steps to Get Started

Once your PCI portal account is created, you’ll complete a Business Profile.
Below are common questions and suggested answers to help you prepare.
(Note: These are examples only. Answer based on your actual setup.)


Assessment Setup

  • Pick an assessment method: Guide Me

Card Acceptance Methods

  • Accept credit cards? → Mail/Telephone order card payments
  • Pay by Link? → No
  • Customer provides card number by: Phone
  • Outsource mail/telephone ordering? → No
  • Accept payments over phone? → Customer gives card number to staff

Telephone System & CRM

  • Record calls? → No
  • Store cardholder data in CRM? → No
  • Employees access stored cardholder data? → No

Virtual Terminal Usage

  • Accept card payments via: Browser-based Virtual Terminal or PCI DSS compliant hosted page
  • Provider name: Authorize.Net

Card Authentication Data

  • Receive CVV/security code? → Yes
  • Store CVV electronically? → No
  • Destroy CVV after authorization? → Yes

Receipts & Data Transmission

  • Print receipts with full card numbers? → No
  • Send/receive card numbers via email/messaging? → No
  • Store/transmit cardholder data electronically? → No

Security Policy & Third Parties

  • Information Security Policy? → No, but will implement using template
  • Use third-party providers managing system components? → No
  • Use third-party providers impacting cardholder data security? → No

Business Environment Summary

  • Premises type: Retail Outlet
  • Store/process/transmit cardholder data? → Does not store, process, or transmit cardholder data. Uses IDEXX Petly Plans, a fully hosted PCI-compliant solution via Authorize.Net.
  • Description:
    IDEXX Petly Plans submits the customer's name to Authorize.Net to acquire a token. An HTML iFrame from Authorize.Net captures cardholder data. Tokens are returned to Petly Plans for initiating charges, either automated or manual. 

✅ Next Steps

  • Complete your Business Profile.
  • Click Begin Step in the PCI portal to validate compliance.
  • Repeat annually to avoid non-compliance fees.

Reminder: The assessment reflects your internal protocols and network setup.


Need Help?

  • Merchant Service Provider: For PCI portal access and compliance questions.
  • Petly Plans Support: support@petlyplans.com
