ProDon:FAQ - PCI Standards

From Logilys
Revision as of 13:48, 14 April 2014 by Ncarrier (talk | contribs)
Jump to: navigation, search

Template:Header ProDon

Introduction

Here are a few frequently asked questions concerning the PCI requirements.

We invite you to read them, for further questions, please contact us at 819-758-0560 or file a support request.


Questions / Answers

Q. What are the PCI requirements?
A. These are safety rules relating to handling credit card data, in order to prevent fraud.

Q. Must we comply to the PCI requirements if we have a merchant account with Netbanx (Optimal Payments)?

A. Yes, any merchant who accepts donations and/or credit card payments must comply to the PCI requirements.


Q. We only have the Online Donation Module (IMakeAnOnlineDonation), therefore we do not deal with any credit card number (Web account), do we still have to comply with the PCI requirements?

A. Yes, you still have to comply to the PCI requirements, but the form to fill out in that case is very simple, it is the "SAQ A" form.


Q. Is it normal to be asked to complete the "SAQ C" form? 

A. If you accept phone or mail donations (reply coupon), yes it is normal, you must fill out that form because you see and handle credit card numbers. The "SAQ C" form is a little more complete than the one mentioned in the previous question. This way, Optimal is making sure that you are handling credit card data safely when entering it into the virtual terminal. 


Q. Is it normal to be asked to complete the "SAQ D" form?

A. If you keep credit card numbers electronically (e.g. by e-mail or in an Excel spreadsheet), you must indeed complete the "SAQ D" form, which is highly complex. This method is to be avoided, because it exposes you to great risks of fraud and involves tremendous security constraints.


Q. We have an Optimal account as well as the Online Donation Module (IMakeAnOnlineDonation), are the credit card numbers stored on your website?

A. Not at all, data relating to payments is stored in a secure vault at Netbanx and is not recoverable by you, nor by IMakeAnOnlineDonation.


Q. We have an Optimal account as well as the Electronic Transaction Module (virtual terminal), are the credit card numbers kept in ProDon?

A. Not at all, data relating to payments is kept in a secure vault at Netbanx and is not recoverable by you, nor by ProDon.


Q. May Logilys assist me to fill out PCI form "SAQ A" or "SAQ C"?

A. Unfortunately, these questionnaires concern the safety of your establishment and of the workstation hosting ProDon, we do not have the required knowledge of your environment nor the expertise with the PCI requirements to adequately assist you. However, do not hesitate to contact us if you have any questions concerning IMakeAnOnlineDonation or ProDon.


Q. Who is Security Metrics?

A. This is a PCI firm, recommended by Optimal, that has the necessary certifications and expertise in order to assist you when completing the "SAQ A" or "SAQ C" forms. For any questions concerning PCI forms, you can contact Mike Kelly at 1-801-995-6708[[Image:]]1-801-995-6708<span class="skype_c2c_free_text_span" />.


Q. Do we need a computer technician to complete the forms?

A. Most of the time, it is necessary to be assisted by a computer technician, because certain questions are very technical and require an excellent understanding of your computing and networknig environments.


Q. We have failed the PCI certification, what should we do?

A. In the non-conformance report, the safety rules that were failed are identified, you must check these points with your technicians in order to rectify the situation.



Document name: ProDon:FAQ - PCI Standards