Difference between revisions of "ProDon:FAQ - PCI Standards"

From Logilys
Line 8: Line 8:
  
 
<br>  
 
<br>  
<div class="skype_c2c_menu_container" id="skype_c2c_menu_container" style="left: 689.283px; top: 92.8px; display: none;"><div class="skype_c2c_menu_click2call">[[Skype: 18197580560?call&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Call]]</div><div class="skype_c2c_menu_click2sms">[[Skype: 18197580560?sms&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Send SMS]]</div><div class="skype_c2c_menu_add2skype">[[Skype: 18197580560?add&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Add to Skype]]</div><div class="skype_c2c_menu_toll_info"><span class="skype_c2c_menu_toll_callcredit">You'll need Skype Credit</span><span class="skype_c2c_menu_toll_free">Free via Skype</span></div></div>  
+
<div style="left: 689.283px; top: 92.8px; display: none;" id="skype_c2c_menu_container" class="skype_c2c_menu_container"><div class="skype_c2c_menu_click2call">[[Skype: 18197580560?call&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Call]]</div><div class="skype_c2c_menu_click2sms">[[Skype: 18197580560?sms&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Send SMS]]</div><div class="skype_c2c_menu_add2skype">[[Skype: 18197580560?add&origin=FFTB/SPNR/7.1.15383.6004/http://update wikien.logilys.com/extensions/FCKeditor/fckeditor/editor/fckeditor.html|Add to Skype]]</div><div class="skype_c2c_menu_toll_info"><span class="skype_c2c_menu_toll_callcredit">You'll need Skype Credit</span><span class="skype_c2c_menu_toll_free">Free via Skype</span></div></div>  
 
== Questions / Answers  ==
 
== Questions / Answers  ==
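Review bot: The only changed line in this hunk is the `skype_c2c_menu_container` div, which looks like click-to-call markup picked up during the FCKeditor session rather than FAQ content. The new revision merely reorders its `style`, `id` and `class` attributes and keeps the embedded phone number and editor URL in the wikitext. Delete the whole div from the page source instead of re-saving it.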
  
Line 25: Line 25:
 
Q. Is it normal to be asked to complete the "SAQ C" form?&nbsp;  
 
Q. Is it normal to be asked to complete the "SAQ C" form?&nbsp;  
  
A. If you accept phone or mail donations (reply coupon), yes it is normal, you must fill out that form because you see and handle credit card numbers. The "SAQ C" form is a little more complete than the one mentioned in the previous question. This way, Optimal is making sure that you are handling credit card data safely when entering it into the virtual terminal.&nbsp;  
+
A. Yes, it is. Since you accept phone or mail donations (reply coupon), you see and habndle credit card numbers. The "SAQ C" form is a little more complete than the one mentioned in the previous question. It aims at guaranteeing ''Optimal Payments'' that your methods are secure when it comes to handling credit card data to be entered in the virtual terminal.&nbsp;  
  
 
<br>  
 
<br>  
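Review bot: The new SAQ C answer introduces a typo, "habndle" for "handle", in its second sentence. It also replaces "If you accept phone or mail donations" with "Since you accept phone or mail donations", which reads as though every reader takes such donations; keeping the condition ("Yes, if you accept phone or mail donations ...") preserves the meaning of the old answer.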
Line 31: Line 31:
 
Q. Is it normal to be asked to complete the "SAQ D" form?  
 
Q. Is it normal to be asked to complete the "SAQ D" form?  
  
A. If you keep credit card numbers electronically (e.g. by e-mail or in an Excel spreadsheet), you must indeed complete the "SAQ D" form, which is highly complex. This method is to be avoided, because it exposes you to great risks of fraud and involves tremendous security constraints.  
+
A. Only if you keep credit card numbers electronically (e.g. by email or in an ''Excel ''spreadsheet). However, this method is to be avoided, because it exposes you to great risks of fraud and implies major security constraints.&nbsp; It is the most complex form to complete.  
  
 
<br>  
 
<br>  
  
Q. We have an Optimal account as well as the Online Donation Module (IMakeAnOnlineDonation), are the credit card numbers stored on your website?  
+
Q. We have an ''Optimal Payments'' account as well as the Online Donation Module (''IMakeAnOnlineDonation''). Is the credit card data saved on your website?  
  
A. Not at all, data relating to payments is stored in a secure vault at Netbanx and is not recoverable by you, nor by IMakeAnOnlineDonation.  
+
A. No, it is not. The payment data is kept in a secure vault at ''Netbanx'' and cannot be recovered, neither by you, nor by ''IMakeAnOnlineDonation''.  
  
 
<br>  
 
<br>  
  
Q. We have an Optimal account as well as the Electronic Transaction Module (virtual terminal), are the credit card numbers kept in ProDon?  
+
Q. We have an ''Optimal Payments'' account as well as the Electronic Transactions Module (virtual terminal). Is the credit card data saved in ''ProDon''?  
  
A. Not at all, data relating to payments is kept in a secure vault at Netbanx and is not recoverable by you, nor by ProDon.  
+
A. No, it is not. The payment data is kept in a secure vault at ''Netbanx'' and cannot be recovered, neither by you, nor by ''ProDon''.  
  
 
<br>  
 
<br>  
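Review bot: In the new SAQ D answer the italic markup is written `''Excel ''spreadsheet`, with the space inside the closing quotes; write `''Excel'' spreadsheet` so that only the product name is italicized. The same answer leaves `&nbsp;` plus a space before "It is the most complex form to complete". Both new vault answers use "cannot be recovered, neither by you, nor by ...", a double negative that would read better as "cannot be recovered by you or by ...".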
Line 49: Line 49:
 
Q. Can Logilys assist me to fill out the "SAQ A" or "SAQ C" PCI form?  
 
Q. Can Logilys assist me to fill out the "SAQ A" or "SAQ C" PCI form?  
  
A. You will find the section "LIST ALL THIRD PARTY SERVICE PROVIDERS (Leave blank if not applicable)" on the documents, here is the information you have to enter:  
+
A. Only for the&nbsp; "LIST ALL THIRD PARTY SERVICE PROVIDERS (Leave blank if not applicable)" section. Here is the information you need to enter:  
  
*Payment Gateway: "Netbanx-Optimal Payments"  
+
*Payment Gateway: "''Netbanx-Optimal Payments''"  
 
*Point-of-Sale Terminal: N/A  
 
*Point-of-Sale Terminal: N/A  
*Web Host: You must enter the web host of your organization  
+
*Web Host: You must enter the name of your organization's website host
 
*Payment Application: N/A  
 
*Payment Application: N/A  
*Shopping Cart: "IMakeAnOnlineDonation - Logilys"  
+
*Shopping Cart: "''IMakeAnOnlineDonation - Logilys''"  
 
*Co-Location: N/A
 
*Co-Location: N/A
  
For any other question, unfortunately, those questionnaires have to do with the security of your establishment and of the workstation that hosts ProDon. We do not have the required knowledge of your environment, nor the expertise on the PCI requirements to assist you adequately. However, feel free to contact us if you have any questions concerning IMakeAnOnlineDonation or ProDon. <br>  
+
All the other questions on those questionnaires are related to the IT security implemented in your organization and on the workstations hosting ''ProDon''. Since we do not know this environment and do not have any expertise with the PCI standards, we are not able to assist you any further. However, feel free to contact us for any questions related to ''IMakeAnOnlineDonation ''or ''ProDon''. <br>  
  
 
<br>  
 
<br>  
  
Q. Who is Security Metrics?  
+
Q. Who is ''Security Metrics''?  
  
A. This is a PCI firm, recommended by Optimal, that has the necessary certifications and expertise in order to assist you when completing the "SAQ A" or "SAQ C" forms. For any questions concerning PCI forms, you can contact CJ Pillings at 1-801-995-6402.<br>  
+
A. ''Security Metrics'' is a certified firm, specializing in the management of all aspects related to the PCI standards compliance, recommended by ''Optimal Payments''. This firm has the expertise required to assist you with the completion of the "SAQ A" or "SAQ C" forms. For any questions about these forms, you can contact CJ Pillings at 1-801-995-6402.<br>  
  
 
<br>  
 
<br>  
  
Q. Do we need a computer technician to complete the forms?  
+
Q. Do we need an IT technician to complete the forms?  
  
A. Most of the time, it is necessary to be assisted by a computer technician, because certain questions are very technical and require an excellent understanding of your computing and networknig environments.  
+
A. Certain questions are very technical and require an excellent comprehension of your IT&nbsp;environment and networking; so it is probable that you would need the help of your IT technician.  
  
 
<br>  
 
<br>  
  
Q. We have failed the PCI certification, what should we do?  
+
Q. We have failed the PCI certification. What should we do?  
  
A. In the non-conformance report, the safety rules that were failed are identified, you must check these points with your technicians in order to rectify the situation.  
+
A. The security regulations that were failed are clearly identified in the compliance report. You must check those points with your technician to rectify the situation.  
  
 
<br>  
 
<br>  
  
 
{{Footer_ProDon}}
 
{{Footer_ProDon}}
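Review bot: The new answer to "Can Logilys assist me ..." opens with "Only for the&nbsp; "LIST ALL THIRD PARTY SERVICE PROVIDERS ..." section", which never answers the yes/no question and carries a stray `&nbsp;` followed by a space; "Yes, but only for the ... section" would be clearer. In the closing paragraph, `''IMakeAnOnlineDonation ''or` again puts the space inside the italic markup and should be `''IMakeAnOnlineDonation'' or`.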

Revision as of 16:33, 19 November 2014


Introduction

Here are a few frequently asked questions concerning the PCI requirements.

We invite you to read them. For further questions, please contact us at 1-855-564-4597 or file a support request.


Questions / Answers

Q. What are the PCI standards?
A. PCI stands for Payment Card Industry. The PCI standards are the security regulations governing how data from credit card transactions is handled, in order to prevent fraud.

Q. Do we have to comply with the PCI standards if we have a merchant account with Netbanx (Optimal Payments)?

A. Yes, you do. Any merchant who accepts transactions (donations or payments) by credit cards must comply with the PCI standards.


Q. We only have the Online Donation Module (IMakeAnOnlineDonation), therefore we do not deal with any credit card number (Web account). Do we still have to comply with the PCI standards?

A. Yes, you do. You must still comply with the PCI standards, but the form is easier to complete. It is the "SAQ A" form.


Q. Is it normal to be asked to complete the "SAQ C" form? 

A. Yes, it is. Since you accept phone or mail donations (reply coupon), you see and handle credit card numbers. The "SAQ C" form is a little more complete than the one mentioned in the previous question. It is intended to assure Optimal Payments that your methods are secure when handling credit card data to be entered in the virtual terminal.


Q. Is it normal to be asked to complete the "SAQ D" form?

A. Only if you keep credit card numbers electronically (e.g. by email or in an Excel spreadsheet). However, this method is to be avoided, because it exposes you to great risks of fraud and entails major security constraints. It is the most complex form to complete.


Q. We have an Optimal Payments account as well as the Online Donation Module (IMakeAnOnlineDonation). Is the credit card data saved on your website?

A. No, it is not. The payment data is kept in a secure vault at Netbanx and cannot be recovered, either by you or by IMakeAnOnlineDonation.


Q. We have an Optimal Payments account as well as the Electronic Transactions Module (virtual terminal). Is the credit card data saved in ProDon?

A. No, it is not. The payment data is kept in a secure vault at Netbanx and cannot be recovered, either by you or by ProDon.


Q. Can Logilys help me fill out the "SAQ A" or "SAQ C" PCI form?

A. Only for the "LIST ALL THIRD PARTY SERVICE PROVIDERS (Leave blank if not applicable)" section. Here is the information you need to enter:

  • Payment Gateway: "Netbanx-Optimal Payments"
  • Point-of-Sale Terminal: N/A
  • Web Host: You must enter the name of your organization's website host
  • Payment Application: N/A
  • Shopping Cart: "IMakeAnOnlineDonation - Logilys"
  • Co-Location: N/A

All the other questions on those questionnaires are related to the IT security implemented in your organization and on the workstations hosting ProDon. Since we do not know this environment and do not have any expertise with the PCI standards, we are not able to assist you any further. However, feel free to contact us for any questions related to IMakeAnOnlineDonation or ProDon.


Q. Who is Security Metrics?

A. Security Metrics is a certified firm, specializing in the management of all aspects related to the PCI standards compliance, recommended by Optimal Payments. This firm has the expertise required to assist you with the completion of the "SAQ A" or "SAQ C" forms. For any questions about these forms, you can contact CJ Pillings at 1-801-995-6402.


Q. Do we need an IT technician to complete the forms?

A. Certain questions are very technical and require an excellent understanding of your IT environment and network, so you will probably need the help of your IT technician.


Q. We have failed the PCI certification. What should we do?

A. The security regulations that were failed are clearly identified in the compliance report. You must check those points with your technician to rectify the situation.



Document name: ProDon:FAQ - PCI Standards