Integrated Payments Powered by Drake Pay - PCI Compliance

Annual PCI compliance validation is required for all merchants who process credit card payments through Drake Pay. This validation ensures alignment with current PCI Data Security Standard (PCI DSS) requirements and industry best practices for secure payment processing.

Drake Pay has partnered with MAXpci to facilitate PCI compliance. After enrolling in Drake Pay, you will receive an email from MAXpci with instructions to begin your validation. Detailed steps are provided below.

Benefits of PCI Compliance

For Tax Preparers

  • Reduces data breach risk by strengthening payment security controls
  • Avoids potential card brand penalties related to non-compliance
  • Builds client trust by demonstrating a commitment to protecting sensitive information

For Taxpayers

  • Protects payment card data from unauthorized access
  • Reduces fraud and identity theft risk
  • Ensures information is handled according to industry security standards

Important  PCI compliance significantly reduces the risk and impact of a payment data breach.

First Year

To complete PCI compliance for the first time:

  1. Go to https://drakesoftware.maxpci.com/login.
  2. Enter your Merchant ID Number as your Username.
  3. Use the temporary password provided in your MAXpci email.
  4. Select the option that best describes how you process payments.
  5. Answer all questions that do not have a red or green check mark.
  6. Answer all fully highlighted questions and complete the scan form, if applicable.

Note  Questionnaire C requires quarterly vulnerability scans of your external server, which are completed by VikingCloud (formerly Sysnet). The scans cover only your external server and do NOT access your private network or computers.

Tip  If you need assistance accessing your account, contact MAXpci support.

Re-Validate Annually

To re-validate your compliance:

  1. Go to https://drakesoftware.maxpci.com/login.
  2. Log in using your Merchant ID Number as your Username. Your password will be what you selected last year.
  3. On your merchant dashboard, select Rapid Renew.
  4. Follow the prompts to go to the Questions screen.
  5. Once you’re on the Questions screen, select the blue Rapid Renew button again.
  6. Complete the attestation to renew your annual questionnaire.

Tip  If you need assistance accessing your account, contact MAXpci support.

Non-Compliance Fee

When all of the following are true, your merchant account will be assessed a PCI non-compliance fee of $25.00 per month until you successfully complete the process:

  • it has been more than 30 days since you were approved for Drake Pay, and
  • you have processed at least one transaction using Drake Pay, and
  • you have not completed the questionnaire, or have failed to achieve PCI compliance.

The compliance portal and validation tools are free for all compliant merchants.

Support

For questions, contact MAXpci Support:

Frequently Asked Questions

Why do I need to complete PCI compliance?

PCI compliance is required for all businesses that accept credit card payments. It reduces the risk of data breaches and helps protect merchants, customers, and the broader payment ecosystem.

This approach is standard across the payment processing industry.

I already pay processing fees. Why is this separate?

Processing fees do not include PCI validation. The validation tools are provided free of charge, and the non-compliance fee can be avoided by completing the annual process.

I'm a small office. Does this apply to me?

Yes. PCI compliance applies to all merchants, regardless of size or transaction volume. Small businesses are often targeted by cyber-criminals, and compliance helps reduce your risk and protect your reputation.

How long does it take?

Most merchants complete the process in a short amount of time. Some answers may be pre-filled based on your Drake Pay relationship. You can save your progress and return later. This validation is required only once per year.

If you need assistance, the MAXpci support team can walk you through the process.

I have a question about something in the portal.

MAXpci provides direct support and can assist you throughout the process.

What if I don’t understand the technical requirements?

The portal includes explanations for each requirement. Most items involve basic security best practices, such as secure passwords and updated software.

MAXpci support is available from login to logout, via email, chat, or phone.

I’ve never processed a transaction. Do I still need to complete this?

If you plan to process payments in the future and only use the Payment Request option, you may complete Self-Assessment Questionnaire A (SAQ A).

SAQ A is the simplest questionnaire and typically takes about five minutes to complete. Once submitted, you remain compliant until the next annual renewal period.

If you no longer plan to process payments, contact Drake Pay Support at (319) 731-2682 to discuss closing your merchant account.

I already completed PCI before. Why do I have to do this again?

PCI compliance requires annual validation. Like renewing a license, it must be completed each year to remain in good standing.