ProDon:FAQ - PCI Standards

Introduction

Here are some frequently asked questions about the PCI standard, which we invite you to read.

If you have any further questions, please contact us at 1-855-564-4597 or file a support request.

Questions / Answers

Q. What is the PCI standard?
A. PCI stands for Payment Card Industry. These are security regulations for handling credit card transaction data, established to prevent fraud.

Q. Do we have to comply with the PCI standard if we have a merchant account with Netbanx (PaySafe)?

A. Yes. Any merchant accepting credit card transactions (donations or payments) must comply with the PCI standard.

Q. We only have the online donation module (IMakeAnOnlineDonation), so we do not handle any credit card numbers (web account). Do we still have to comply with the PCI standard?

A. Yes. You still must comply with the PCI standard, but the form to be completed in this case is very simple: the "SAQ A" form.

Q. Is it normal to be asked to fill out the "SAQ C" form? 

A. Yes, if you accept donations by telephone or mail (reply coupons), because you see and handle credit card numbers. The "SAQ C" form is a little more complete than the "SAQ A" form. It is designed to assure PaySafe that your methods are secure when you handle credit card data and enter it into the virtual terminal. 

Q. Is it normal to be asked to complete the "SAQ D" form?

A. Only if you keep credit card numbers electronically (e.g. by email or in an Excel spreadsheet). However, this method is to be avoided because it exposes you to great risks of fraud and implies major security constraints.  It is the most complex form to complete.

Q. We have a PaySafe account as well as the Online Donation Module (IMakeAnOnlineDonation). Are the credit card data saved on your website?

A. No, they are not. The payment data are kept in a secure vault at Netbanx and cannot be recovered, neither by you, nor by IMakeAnOnlineDonation.

Q. We have a PaySafe account as well as the Electronic Transactions Module (virtual terminal). Are the credit card data saved in ProDon?

A. No, they are not. The payment data are kept in a secure vault at Netbanx and cannot be recovered, neither by you, nor by ProDon.

Q. Can Logilys assist me to fill out the "SAQ A" or "SAQ C" PCI form?

A. Only for the  "LIST ALL THIRD PARTY SERVICE PROVIDERS (Leave blank if not applicable)" section. Here is the information you need to enter:

• Payment Gateway: "Netbanx-PaySafe"
• Point-of-Sale Terminal: N/A
• Web Host: You must enter the name of your organization's website host
• Payment Application: N/A
• Shopping Cart: "IMakeAnOnlineDonation - Logilys"
• Co-Location: N/A

All the other questions on those questionnaires are related to the IT security implemented in your organization and on the workstations hosting ProDon. Since we do not know this environment and do not have any expertise with the PCI standards, we are not able to assist you any further.

However, feel free to contact us with any questions related to IMakeAnOnlineDonation or ProDon.

Q. Who is Security Metrics?

A. Security Metrics is a certified firm, specializing in the management of all aspects related to the PCI standards compliance, recommended by PaySafe. This firm has the expertise required to assist you with the completion of the "SAQ A" or "SAQ C" form. For any questions about these forms, you can contact a support technician at 1-801-995-6403.

Q. Do we need an IT technician to complete the forms?

A. Certain questions are very technical and require an excellent understanding of your IT environment and networking; consequently it is very likely that you will need the help of your IT technician.

Q. We have failed the PCI certification. What should we do?

A. The security regulations that failed are clearly identified in the compliance report. You must check these points with your technician to rectify the situation.

Document name: ProDon:FAQ - PCI Standards