Difference between revisions of "ProDon:FAQ - PCI Standards"
m (moved ProDon:FAQ - PCI Requirements to ProDon:FAQ - PCI Standards)
Vcastagner (Tag: Visual edit)
(13 intermediate revisions by 7 users not shown)
Revision as of 10:04, 29 January 2024
FAQ - PCI Standards
Introduction
Here are some frequently asked questions about the PCI standard, which we invite you to read.
For any questions regarding the PCI DSS standard, please contact VikingCloud by email at support@pcidssportalna.com.
If you have any further questions, please contact us at 1-855-564-4597 or file a support request.
Questions / Answers
Q. What is the PCI standard?
A. PCI stands for Payment Card Industry. These are security regulations for handling credit card transaction data, established to prevent fraud.
Q. Do we have to comply with the PCI standard if we have a merchant account with Netbanx (PaySafe)?
A. Yes. Any merchant accepting credit card transactions (donations or payments) must comply with the PCI standard.
Q. We only have the online donation module (IMakeAnOnlineDonation), so we do not handle any credit card numbers (web account). Do we still have to comply with the PCI standard?
A. Yes. You still must comply with the PCI standard, but the form to be completed in this case is very simple: the "SAQ A" form.
Q. Is it normal to be asked to fill out the "SAQ C" form?
A. Yes, if you accept donations by telephone or mail (reply coupons), because you see and handle credit card numbers. The "SAQ C" form is a little more complete than the "SAQ A" form. It is designed to assure PaySafe that your methods are secure when you handle credit card data and enter it into the virtual terminal.
Q. Is it normal to be asked to fill out the "SAQ D" form?
A. Only if you store credit card numbers electronically (e.g. by email or in an Excel spreadsheet). This method should be avoided, as it exposes you to a high risk of fraud and involves major security constraints. The "SAQ D" form is the most complex to fill out.
Q. We have a PaySafe account and the online donation module (IMakeAnOnlineDonation); are credit card numbers stored on your site?
A. No. Payment data is stored in a secure vault at Netbanx and cannot be retrieved by you or IMakeAnOnlineDonation.
Q. We have a PaySafe account and the electronic transaction module (virtual terminal); are credit card numbers stored in ProDon?
A. No. Payment data is stored in a secure vault at Netbanx and cannot be retrieved by you or ProDon.
Q. Can Logilys help me fill out the PCI "SAQ A" or "SAQ C" form?
A. Only for the section "LIST ALL THIRD PARTY SERVICE PROVIDERS (Leave blank if not applicable)". Here is what you need to enter:
- Payment Gateway: "Netbanx-PaySafe"
- Point-of-Sale Terminal: N/A
- Web Host: You must enter the name of your organization's website host
- Payment Application: N/A
- Shopping Cart: "IMakeAnOnlineDonation - Logilys"
- Co-Location: N/A
All the other questions on these questionnaires concern the IT security systems installed in your establishment and on the workstations hosting ProDon. Since we do not know this environment and do not have expertise in the PCI standard, we are not able to assist you.
However, please do not hesitate to contact us if you have any questions about IMakeAnOnlineDonation or ProDon.
Q. Who is Security Metrics?
A. Security Metrics is a certified firm, recommended by PaySafe, that specializes in managing all aspects of PCI standard compliance. This firm has the expertise required to assist you with the completion of the "SAQ A" or "SAQ C" form. For any questions about these forms, you can contact a support technician at 1-801-995-6403.
Q. Do we need an IT technician to fill in the forms?
A. Some questions are highly technical and require an excellent understanding of your IT and networking environment. It is very likely that you will need the help of your technician.
Q. We have failed PCI certification. What should we do?
A. The security rules that failed are clearly identified in the compliance report. You must check each of these points with your technician to rectify the situation.
Document name: ProDon:FAQ - PCI Standards