ProDon:FAQ - PCI Standards

From Logilys
Revision as of 16:16, 8 September 2014 by Cdubois (talk | contribs) (Questions / Answers)

Introduction

Here are a few frequently asked questions concerning the PCI requirements.

We invite you to read them. For further questions, please contact us at 819-758-0560 or file a support request.


Questions / Answers

Q. What are the PCI requirements?

A. These are security rules for handling credit card data, intended to prevent fraud.

Q. Must we comply with the PCI requirements if we have a merchant account with Netbanx (Optimal Payments)?

A. Yes, any merchant who accepts donations and/or credit card payments must comply with the PCI requirements.


Q. We only have the Online Donation Module (IMakeAnOnlineDonation), so we do not deal with any credit card numbers (Web account). Do we still have to comply with the PCI requirements?

A. Yes, you still have to comply with the PCI requirements, but the form to fill out in that case is very simple: it is the "SAQ A" form.


Q. Is it normal to be asked to complete the "SAQ C" form?

A. If you accept phone or mail donations (reply coupon), yes, it is normal. You must fill out that form because you see and handle credit card numbers. The "SAQ C" form is a little more extensive than the one mentioned in the previous question. This way, Optimal makes sure that you handle credit card data safely when entering it into the virtual terminal.


Q. Is it normal to be asked to complete the "SAQ D" form?

A. If you keep credit card numbers electronically (e.g. by e-mail or in an Excel spreadsheet), you must indeed complete the "SAQ D" form, which is highly complex. This method is to be avoided, because it exposes you to great risks of fraud and involves tremendous security constraints.


Q. We have an Optimal account as well as the Online Donation Module (IMakeAnOnlineDonation). Are the credit card numbers stored on your website?

A. Not at all. Data relating to payments is stored in a secure vault at Netbanx and cannot be recovered by you or by IMakeAnOnlineDonation.


Q. We have an Optimal account as well as the Electronic Transaction Module (virtual terminal). Are the credit card numbers kept in ProDon?

A. Not at all. Data relating to payments is kept in a secure vault at Netbanx and cannot be recovered by you or by ProDon.


Q. Can Logilys help me fill out the "SAQ A" or "SAQ C" PCI form?

A. You will find the section "LIST ALL THIRD PARTY SERVICE PROVIDERS (Leave blank if not applicable)" on the documents. Here is the information you have to enter:

  • Payment Gateway: "Netbanx-Optimal Payments"
  • Point-of-Sale Terminal: N/A
  • Web Host: You must enter the web host of your organization
  • Payment Application: N/A
  • Shopping Cart: "IMakeAnOnlineDonation - Logilys"
  • Co-Location: N/A

Unfortunately, for any other question, those questionnaires deal with the security of your establishment and of the workstation that hosts ProDon. We have neither the required knowledge of your environment nor the expertise in the PCI requirements to assist you adequately. However, feel free to contact us if you have any questions concerning IMakeAnOnlineDonation or ProDon.


Q. Who is Security Metrics?

A. This is a PCI firm, recommended by Optimal, that has the necessary certifications and expertise in order to assist you when completing the "SAQ A" or "SAQ C" forms. For any questions concerning PCI forms, you can contact CJ Pillings at 1-801-995-6402.


Q. Do we need a computer technician to complete the forms?

A. Most of the time, it is necessary to be assisted by a computer technician, because certain questions are very technical and require an excellent understanding of your computing and networking environments.


Q. We have failed the PCI certification. What should we do?

A. The non-conformance report identifies the security rules that were failed. You must check these points with your technicians in order to rectify the situation.


