Difference between revisions of "ProDon:FAQ - PCI Standards"

From Logilys
(Created page with '{{Header_ProDon|1|s.o.|Nadia Carrier||2014/04/14}} == Introduction == Here are a few frequently asked questions concerning the PCI requirements. We invite you to read them,…')
 
m (Questions / Answers)
 
(35 intermediate revisions by 10 users not shown)
Line 1: Line 1:
{{Header_ProDon|1|s.o.|Nadia Carrier||2014/04/14}}
+
{{Header_TOC}}<br>
 +
<span style="color: rgb(255, 0, 0);">'''*** THIS DOCUMENTATION APPLIES TO THE SOFTWARE PRODON AND PROLOC ***'''</span>
 +
== Introduction  ==
 +
 
 +
Here are some frequently asked questions about the PCI standard, which we invite you to read.
 +
 
 +
For any questions regarding the PCI DSS standard, please contact VikingCloud by email at [mailto:support@pcidssportalna.com. support@pcidssportalna.com.]
 +
 
 +
If you have any further questions, please contact us at 1-855-564-4597 or file a support request.
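Review bot: the mailto link on the added VikingCloud line keeps the sentence's trailing period inside the brackets, in both the target and the label ("[mailto:support@pcidssportalna.com. support@pcidssportalna.com.]"), so the generated address ends in a dot. Move the period outside the closing bracket.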
  
== Introduction  ==
+
<br>
 +
 
 +
'''Temporary Notice:'''
  
Here are a few frequently asked questions concerning the PCI requirements.  
+
A new version of the PCI-DSS standard (4.0) has just been adopted. This new version requires a vulnerability scan of your websites. You must submit the site where the transaction takes place, either: [http://www.JeDonneEnligne.com www.JeDonneEnligne.com] and/or [http://www.JeMinscrisMaintenant.com www.JeMinscrisMaintenant.com]. The new standard includes a significant number of vulnerabilities to be addressed, which we are currently working to comply with. If you receive a failed compliance report, please send a copy to: [mailto:Securite@logilys.com securite@logilys.com]. No individual follow-up will be conducted upon receipt of the report, but we will verify that the failures correspond to those already known and will be corrected shortly.
  
We invite you to read them, for further questions, please contact us at <span class="skype_c2c_print_container">819-758-0560</span><span skype_menu_props="{&quot;numberToCall":"+18197580560","isFreecall":false,"isMobile":false,"isRtl":false}" onmouseout="SkypeClick2Call.MenuInjectionHandler.hideMenu(event)" onmouseover="SkypeClick2Call.MenuInjectionHandler.showMenu(this, event)" tabindex="-1" dir="ltr" class="skype_c2c_container"><span skypeaction="skype_dropdown" dir="ltr" class="skype_c2c_highlighting_inactive_common"><span class="skype_c2c_textarea_span">[[Image:]]<span class="skype_c2c_text_span">819-758-0560</span><span class="skype_c2c_free_text_span" /></span></span></span> or file a support request.  
+
A notice will be sent to our clientele as soon as known vulnerabilities have been addressed, and you may then request a new scan of [http://www.JeDonneEnligne.com www.JeDonneEnligne.com] and/or [http://www.JeMinscrisMaintenant.com www.JeMinscrisMaintenant.com].
  
<br>
+
If the report still fails at this point, please send a copy to [mailto:Securite@logilys.com securite@logilys.com] and follow-up will be conducted.<div style="left: 689.283px; top: 92.8px; display: none;" id="skype_c2c_menu_container" class="skype_c2c_menu_container"><div class="skype_c2c_menu_click2call">[[Skype: 18197580560?call&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Call]]</div><div class="skype_c2c_menu_click2sms">[[Skype: 18197580560?sms&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Send SMS]]</div><div class="skype_c2c_menu_add2skype">[[Skype: 18197580560?add&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Add to Skype]]</div><div class="skype_c2c_menu_toll_info"><span class="skype_c2c_menu_toll_callcredit">You'll need Skype Credit</span><span class="skype_c2c_menu_toll_free">Free via Skype</span></div></div>  
<div class="skype_c2c_menu_container" id="skype_c2c_menu_container" style="left: 689.283px; top: 92.8px; display: none;"><div class="skype_c2c_menu_click2call">[[Skype: 18197580560?call&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Call]]</div><div class="skype_c2c_menu_click2sms">[[Skype: 18197580560?sms&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Send SMS]]</div><div class="skype_c2c_menu_add2skype">[[Skype: 18197580560?add&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Add to Skype]]</div><div class="skype_c2c_menu_toll_info"><span class="skype_c2c_menu_toll_callcredit">You'll need Skype Credit</span><span class="skype_c2c_menu_toll_free">Free via Skype</span></div></div>  
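Review bot: the added "If the report still fails at this point" line still carries the hidden skype_c2c_menu_container div from the old revision, with Skype call, SMS and add links for 18197580560. The new contact line gives 1-855-564-4597 instead, so this editor plug-in residue embeds a number the page no longer advertises. Strip the whole div from the wikitext, here and in the footer.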
 
 
== Questions / Answers  ==
 
== Questions / Answers  ==
  
Q. What are the PCI requirements?<br>A. These are safety rules relating to handling credit card data, in order to prevent fraud.<br> <br>Q. Must we comply to the PCI requirements if we have a merchant account with Netbanx (Optimal Payments)?  
+
Q. What is the PCI standard?<br>A. PCI stands for ''Payment Card Industry.'' These are security regulations for handling credit card transaction data, established to prevent fraud.<br> <br>Q. Do we have to comply with the PCI standard if we have a merchant account with ''Netbanx (PaySafe)''?  
  
A. Yes, any merchant who accepts donations and/or credit card payments must comply to the PCI requirements.  
+
A. Yes. Any merchant accepting credit card transactions (donations or payments) must comply with the PCI standard.  
  
 
<br>  
 
<br>  
  
Q. We only have the Online Donation Module (IMakeAnOnlineDonation), therefore we do not deal with any credit card number (Web account), do we still have to comply with the PCI requirements?  
+
Q. We only have the online donation module (''IMakeAnOnlineDonation''), so we do not handle any credit card numbers (web account). Do we still have to comply with the PCI standard?  
  
A. Yes, you still have to comply to the PCI requirements, but the form to fill out in that case is very simple, it is the "SAQ A" form.  
+
A. Yes. You still must comply with the PCI standard, but the form to be completed in this case is very simple: the "SAQ A" form.  
  
 
<br>  
 
<br>  
  
Q. Is it normal to be asked to complete the "SAQ C" form?&nbsp;  
+
Q. Is it normal to be asked to fill out the "SAQ C" form?&nbsp;  
  
A. If you accept phone or mail donations (reply coupon), yes it is normal, you must fill out that form because you see and handle credit card numbers. The "SAQ C" form is a little more complete than the one mentioned in the previous question. This way, Optimal is making sure that you are handling credit card data safely when entering it into the virtual terminal.&nbsp;  
+
A. Yes, if you accept donations by telephone or mail (reply coupons), because you see and handle credit card numbers. The "SAQ C" form is a little more complete than the "SAQ A" form. It is designed to assure ''PaySafe'' that your methods are secure when you handle credit card data and enter it into the virtual terminal.&nbsp;  
  
 
<br>  
 
<br>  
  
Q. Is it normal to be asked to complete the "SAQ D" form?  
+
Q. Is it normal to be asked to fill out the "SAQ D" form?  
  
A. If you keep credit card numbers electronically (e.g. by e-mail or in an Excel spreadsheet), you must indeed complete the "SAQ D" form, which is highly complex. This method is to be avoided, because it exposes you to great risks of fraud and involves tremendous security constraints.  
+
A. Only if you store credit card numbers electronically (e.g. by email or in an ''Excel'' spreadsheet). This method should be avoided, as it exposes you to great risks of fraud and involves major security constraints. The "SAQ D" form is the most complex to fill.  
  
 
<br>  
 
<br>  
  
Q. We have an Optimal account as well as the Online Donation Module (IMakeAnOnlineDonation), are the credit card numbers stored on your website?  
+
Q. We have a ''PaySafe'' account and the online donation module (''IMakeAnOnlineDonation''); are credit card numbers stored on your site?  
  
A. Not at all, data relating to payments is stored in a secure vault at Netbanx and is not recoverable by you, nor by IMakeAnOnlineDonation.  
+
A. No. Payment data is stored in a secure vault at ''Netbanx'' and cannot be retrieved by you or ''IMakeAnOnlineDonation..''
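Review bot: the rewritten answer ends with two periods inside the italics (''IMakeAnOnlineDonation..''). Keep a single period, as in the matching ProDon answer further down.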
  
 
<br>  
 
<br>  
  
Q. We have an Optimal account as well as the Electronic Transaction Module (virtual terminal), are the credit card numbers kept in ProDon?  
+
Q. We have a ''PaySafe'' account and the electronic transaction module (virtual terminal); are credit card numbers stored in ''ProDon''?  
  
A. Not at all, data relating to payments is kept in a secure vault at Netbanx and is not recoverable by you, nor by ProDon.  
+
A. No. Payment data is stored in a secure vault at ''Netbanx'' and cannot be retrieved by you or ''ProDon.''
  
 
<br>  
 
<br>  
  
Q. May Logilys assist me to fill out PCI form "SAQ A" or "SAQ C"?  
+
Q. Can Logilys help me fill out the PCI "SAQ A" or "SAQ C" form?  
 +
 
 +
A. Only for the section "LIST ALL THIRD PARTY SERVICE PROVIDERS (Leave blank if not applicable)". Here is what you need to enter:
 +
 
 +
*Payment Gateway: "''Netbanx-PaySafe''"
 +
*Point-of-Sale Terminal: N/A
 +
*Web Host: You must enter the name of your organization's website host
 +
*Payment Application: N/A
 +
*Shopping Cart: "''IMakeAnOnlineDonation - Logilys''"
 +
*Co-Location: N/A
 +
 
 +
All the other questions on these questionnaires concern the IT security systems installed in your establishment and on the workstations hosting ''ProDon''. Since we don't know this environment, nor do we have the expertise in the PCI standard, we are not able to assist you 
  
A. Unfortunately, these questionnaires concern the safety of your establishment and of the workstation hosting ProDon, we do not have the required knowledge of your environment nor the expertise with the PCI requirements to adequately assist you. However, do not hesitate to contact us if you have any questions concerning IMakeAnOnlineDonation or ProDon.  
+
However, please do not hesitate to contact us if you have any questions about ''IMakeAnOnlineDonation'' or ''ProDon.'' <br>
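Review bot: the added sentence ending "we are not able to assist you" has no terminal period and is followed by a trailing space, so it runs into the "However, please do not hesitate" paragraph when read. End it with a period.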
  
 
<br>  
 
<br>  
  
Q. Who is Security Metrics?  
+
Q. Who is ''Security Metrics''?
 +
 
 +
A. ''Security Metrics'' is a certified firm, specializing in the management of all aspects related to the PCI standards compliance, recommended by ''PaySafe''. This firm has the expertise required to assist you with the completion of the "SAQ A" or "SAQ C" form. For any questions about these forms, you can contact a support technician at 1-801-995-6403.<br>
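Review bot: this answer still sends questions about the SAQ forms to Security Metrics at 1-801-995-6403, while the introduction added in the same revision directs PCI DSS questions to VikingCloud by email. Say which firm clients should contact for which kind of question, or explain how the two relate.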
 +
 
 +
Q: We are asked to provide URL addresses for a security scan, what should we submit?
  
A. This is a PCI firm, recommended by Optimal, that has the necessary certifications and expertise in order to assist you when completing the "SAQ A" or "SAQ C" forms. For any questions concerning PCI forms, you can contact Mike Kelly at <span class="skype_c2c_print_container">1-801-995-6708</span><span skype_menu_props="{&quot;numberToCall":"+18019956708","isFreecall":false,"isMobile":false,"isRtl":false}" onmouseout="SkypeClick2Call.MenuInjectionHandler.hideMenu(event)" onmouseover="SkypeClick2Call.MenuInjectionHandler.showMenu(this, event)" tabindex="-1" dir="ltr" class="skype_c2c_container"><span skypeaction="skype_dropdown" dir="ltr" class="skype_c2c_highlighting_inactive_common"><span class="skype_c2c_textarea_span">[[Image:]]<span class="skype_c2c_text_span">1-801-995-6708</span><span class="skype_c2c_free_text_span" /></span></span></span><br>
+
A: It is recommended to submit [http://www.JeDonneEnligne.com www.JeDonneEnligne.com] and/or [http://www.JeMinscrisMaintenant.com www.JeMinscrisMaintenant.com].
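Review bot: the new scan-URL entry is labelled "Q:" and "A:" where every other entry in the list uses "Q." and "A.", and it follows the Security Metrics answer without the spacer lines that separate the other entries. Align the labels and spacing with the rest of the FAQ.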
  
 
<br>  
 
<br>  
  
Q. Do we need a computer technician to complete the forms?  
+
Q. Do we need an IT technician to fill in the forms?  
  
A. Most of the time, it is necessary to be assisted by a computer technician, because certain questions are very technical and require an excellent understanding of your computing and networknig environments.  
+
A. Some questions are highly technical and require an excellent understanding of your IT and networking environment. It is very likely that you will need the help of your technician.  
  
 
<br>  
 
<br>  
  
Q. We have failed the PCI certification, what should we do?  
+
Q. We have failed PCI certification, what should we do?  
  
A. In the non-conformance report, the safety rules that were failed are identified, you must check these points with your technicians in order to rectify the situation.  
+
A. Failed safety rules are clearly identified in the compliance report. You must check each of these points with your technician to rectify the situation.  
  
 
<br>  
 
<br>  
  
{{Footer_ProDon}}  
+
{{Footer_Common_Functions}}<br>
<div class="skype_c2c_menu_container" id="skype_c2c_menu_container" style="display: none;"><div class="skype_c2c_menu_click2call">[[Call]]</div><div class="skype_c2c_menu_click2sms">[[Send SMS]]</div><div class="skype_c2c_menu_add2skype">[[Add to Skype]]</div><div class="skype_c2c_menu_toll_info"><span class="skype_c2c_menu_toll_callcredit">You'll need Skype Credit</span><span class="skype_c2c_menu_toll_free">Free via Skype</span></div></div>
 

Latest revision as of 08:49, 3 May 2024

FAQ - PCI Standards


*** THIS DOCUMENTATION APPLIES TO THE SOFTWARE PRODON AND PROLOC ***

Introduction

Here are some frequently asked questions about the PCI standard, which we invite you to read.

For any questions regarding the PCI DSS standard, please contact VikingCloud by email at support@pcidssportalna.com.

If you have any further questions, please contact us at 1-855-564-4597 or file a support request.


Temporary Notice:

A new version of the PCI-DSS standard (4.0) has just been adopted. This new version requires a vulnerability scan of your websites. You must submit the site where the transaction takes place: www.JeDonneEnligne.com and/or www.JeMinscrisMaintenant.com. The new standard includes a significant number of vulnerabilities to be addressed, and we are currently working to comply with it. If you receive a failed compliance report, please send a copy to securite@logilys.com. No individual follow-up will be conducted upon receipt of the report, but we will verify that the failures correspond to those already known, which will be corrected shortly.

A notice will be sent to our clientele as soon as known vulnerabilities have been addressed, and you may then request a new scan of www.JeDonneEnligne.com and/or www.JeMinscrisMaintenant.com.

If the report still fails at this point, please send a copy to securite@logilys.com and a follow-up will be conducted.

Questions / Answers

Q. What is the PCI standard?
A. PCI stands for Payment Card Industry. These are security regulations for handling credit card transaction data, established to prevent fraud.

Q. Do we have to comply with the PCI standard if we have a merchant account with Netbanx (PaySafe)?

A. Yes. Any merchant accepting credit card transactions (donations or payments) must comply with the PCI standard.


Q. We only have the online donation module (IMakeAnOnlineDonation), so we do not handle any credit card numbers (web account). Do we still have to comply with the PCI standard?

A. Yes. You still must comply with the PCI standard, but the form to be completed in this case is very simple: the "SAQ A" form.


Q. Is it normal to be asked to fill out the "SAQ C" form? 

A. Yes, if you accept donations by telephone or mail (reply coupons), because you see and handle credit card numbers. The "SAQ C" form is a little more complete than the "SAQ A" form. It is designed to assure PaySafe that your methods are secure when you handle credit card data and enter it into the virtual terminal. 


Q. Is it normal to be asked to fill out the "SAQ D" form?

A. Only if you store credit card numbers electronically (e.g. by email or in an Excel spreadsheet). This method should be avoided, as it exposes you to great risks of fraud and involves major security constraints. The "SAQ D" form is the most complex to fill out.


Q. We have a PaySafe account and the online donation module (IMakeAnOnlineDonation); are credit card numbers stored on your site?

A. No. Payment data is stored in a secure vault at Netbanx and cannot be retrieved by you or IMakeAnOnlineDonation.


Q. We have a PaySafe account and the electronic transaction module (virtual terminal); are credit card numbers stored in ProDon?

A. No. Payment data is stored in a secure vault at Netbanx and cannot be retrieved by you or ProDon.


Q. Can Logilys help me fill out the PCI "SAQ A" or "SAQ C" form?

A. Only for the section "LIST ALL THIRD PARTY SERVICE PROVIDERS (Leave blank if not applicable)". Here is what you need to enter:

  • Payment Gateway: "Netbanx-PaySafe"
  • Point-of-Sale Terminal: N/A
  • Web Host: You must enter the name of your organization's website host
  • Payment Application: N/A
  • Shopping Cart: "IMakeAnOnlineDonation - Logilys"
  • Co-Location: N/A

All the other questions on these questionnaires concern the IT security systems installed in your establishment and on the workstations hosting ProDon. Since we do not know this environment and do not have expertise in the PCI standard, we are not able to assist you.

However, please do not hesitate to contact us if you have any questions about IMakeAnOnlineDonation or ProDon.


Q. Who is Security Metrics?

A. Security Metrics is a certified firm, recommended by PaySafe, that specializes in managing all aspects of PCI standards compliance. This firm has the expertise required to assist you with the completion of the "SAQ A" or "SAQ C" form. For any questions about these forms, you can contact a support technician at 1-801-995-6403.

Q. We are asked to provide URL addresses for a security scan, what should we submit?

A. It is recommended to submit www.JeDonneEnligne.com and/or www.JeMinscrisMaintenant.com.


Q. Do we need an IT technician to fill in the forms?

A. Some questions are highly technical and require an excellent understanding of your IT and networking environment. It is very likely that you will need the help of your technician.


Q. We have failed PCI certification, what should we do?

A. Failed safety rules are clearly identified in the compliance report. You must check each of these points with your technician to rectify the situation.



Document name: ProDon:FAQ - PCI Standards