PCI Tutorial

A Guide to the TrustWave PCI Compliance Questionnaire

You must complete a PCI compliance Self Assessment Questionnaire (SAQ) once a year in order to be PCI compliant and avoid paying a monthly noncompliance fee. To get started with the SAQ, follow the instructions below.

1

Log in to CardPointe

To begin, log in to your CardPointe account and complete the following steps:

  1. Click the My Account tab.
  2. If you currently have a PCI Non-Compliant MID, a warning will appear (pictured below). Click Learn how to get compliant to begin the questionnaire.

2

PCI Compliance Overview

Once the PCI Compliance Questionnaire opens, complete the Tell us about your business section as follows:

  • How do you accept credit cards? Select Website, then click Next.

  • Where are credit card numbers collected? Select A Third-Party, then click Continue.

Then, you'll return to the Overview screen. Click Next to proceed to the Merchant Profile section.

3

Merchant Profile

To begin completing your Merchant Profile, enter your information into the General Info section as follows:

  • Industry: Use the drop-down menu to select your industry. (Charitable Organizations is a commonly selected choice.)
  • Secondary Contact: If needed, you can add a Secondary Contact for your profile.
  • Verify and/or edit other details as needed.

Within the Additional Info section, select the following:

  • Service Providers: Yes
  • Multiple Acquirers: No

Once finished, click Next. Then on the PCI Assessment and Status Reporting screen, simply confirm your Merchant ID and click Next to proceed.

4

Business Environment

Next, you'll need to Verify Your Card Acceptance Information. Verify that the following items are correct, then click Next.

  • In Person Purchases: No
  • Mail or Telephone Orders: No
  • Website Orders: Yes
  • Other Details: Your web site redirects customers to a third-party (service provider) to take credit cards from customers and process payments. Your customers never enter credit card numbers on your own web site directly.

Then click Add Web Site to enter your domain name (e.g., myparish.com). Once entered, click Save. Then click Next.

To continue, click Add Service Provider and complete the following steps:

  1. Use the Service Provider field to enter eCatholic.
  2. Click Search.
  3. Click No Match, then select Add New.
  4. Under Services Provided, use the drop-down menu to select Web Site Hosting and Payment Processing.
  5. Verify that the PCI Compliant option is set to Yes. Click Save and Next to proceed.

5

Questionnaire

Once you arrive at the fourth section, verify that Step-By-Step is selected, then click Next. Complete the subsequent sections as follows:

Card Data Storage & Processing 

  • Credit Card Data Storage: Select None of the above - I never store credit card data. Click Next. 

  • Website Control: Select No - a third-party service provider handles ALL administration. Click Next, then click Continue.

Physical Security

You may need to click Begin to proceed.

  • Paper Documents with Credit Card Data: Select No. Click Next, then click Continue.

Security Policies

  • Sharing Card Data with Third-Parties: Select No. Click Next.
  • Maintain Written Security Policies: Select Yes (the first item listed). You will then be sent general information about not storing credit card data. Click Next.
  • Define Security Responsibilities: Select Yes, even if the scenario of having other employees and contractors does not apply to your organization. Click Next.
  • Review Security Policies Annually: Select Yes. Click Next.
  • Computer and Device Usage: Check the top three items. Click Next.

  • Maintain an Incident Response Plan: Select Yes. Click Next.

You'll then be prompted to review your submission; click Next Section to proceed.

System Settings

Since eCatholic Payments does not require you to install anything on your network, click N/A for questions 2.1 (a) and 2.1 (b). In the comments box, enter Does not apply for each item (pictured below). Click Next Section to proceed.

Account Security Questions

  • 8.1.1: Select Yes.
  • 8.1.3: Select Yes.
  • 8.2: Select Yes.
  • 8.2.3 (a): Select Yes.
  • 8.5: Select Yes.

Then, click Acknowledge and Submit (pictured below).

Confirmation

Lastly, you'll need to complete the Confirmation of Compliant Status as follows:

  1. Verify/check all five statements.
  2. Use the checkbox to sign the acknowledgement.
  3. Enter your title.
  4. Enter your full name in the Merchant Executive Officer field.

Once finished, click Submit.

As a final step:

  1. Click Visit Your PCI Dashboard. Notice that your next PCI Certification Deadline will be one year from the date you completed the questionnaire.
  2. Go to Certificate of Compliance and use the Click here link (pictured below) to save a copy of the certificate to your hard drive.
