PCI Tutorial

A Guide to the TrustWave PCI Compliance Questionnaire

You must complete a PCI compliance Self Assessment Questionnaire (SAQ) once a year in order to be PCI compliant and avoid paying a monthly noncompliance fee. To get started with the SAQ, follow the instructions below.

Access the "Get Started" page to create a SecureTrust account (pictured in the screenshot below)

  1. You must use SecureTrust to complete this questionnaire. You can get started using this link: https://pci.securetrust.com/cardconnect. Click "Get Started" to register as a new user, following the steps below.

    NOTE: If you've completed the questionnaire in previous years and already have a username and password, click "Login" instead, and skip to Complete the PCI Questionnaire.

  2. Begin by entering your Business Information and Primary Contact Information. When you are done, click Next.

  3. Then, create your SecureTrust account credentials and choose three security questions. Be sure to keep this information in a safe place, as you will need it again next year to renew your PCI Compliance Questionnaire.
  4. To continue on to the PCI Questionnaire, click the blue Continue button on the bottom right of your web browser.
  5. Choose Guide Me to begin the PCI Questionnaire.

Complete the PCI Questionnaire

The PCI Questionnaire is broken up into 5 sections. You may save and exit the questionnaire at any time during the process. Your work will be saved so that you can come back and finish at any time. However, we recommend completing the entire questionnaire in one sitting.

The instructions below are broken up by section:

  1. PCI Profile
  2. Company Profile
  3. Wizard
  4. Questionnaire
  5. Confirmation

1. PCI Profile

Select the following answers for each slide that you complete. They are listed in the order that you will answer them:

  1. What Are The Ways You Accept Credit Card Payments
    • ONLY select: My business has a website where payments with a credit card are made online. Then, click Next.

  2. Credit Card Data Storage
    • Select: None of the above - I never store credit card data. Then click Next.

  3. Web Site Control
    • Select: No - a third-party service provider handles ALL administration. Then click Next.

  4. Review your PCI Profile Summary. Then click Next.
    IMPORTANT: Make sure the Annual Questionnaire listed under Included Tools is "Self Assessment Questionnaire A". If it is a different version, please check your PCI Profile answers to make sure they match those given above.

2. Company Profile

  1. Review the listed contact information and verify that it is correct. Then click Next.
  2. Review your general account info, and add additional info.

    Under the General Info section, be sure to review or complete the following:

    • Industry
    • Primary Contact
    • Mailing Address
    • City
    • Country
    • State/Province
    • ZIP/Postal Code

    Under the Additional Info section, fill out the following:

    • Service Providers: Yes
    • Multiple Acquirers: No
    • Payment Card Activity: Type in "Merchant is e-commerce and outsources all credit card processing".
    • Environment Under Assessment: Type in "All processing is done through third-party software."

    Click Next when you are done.

  3. Verify your merchant ID number is correct. Then click Next.
  4. Type in the website URL where you will be taking donations and payments and then click ADD (pictured below).

    If you are using more than one website to receive donations and payments with this merchant account, repeat this step until you have added every website you will be actively using.

    Once you are finished, the domains that you added will be listed in your window (pictured below):

    After you verify that all the correct URLs are listed, click Next.

  5. Next, add eCatholic as your service provider (pictured below):
  6. Under Company, use the following information:

    • Company: Select No match, add new and type "eCatholic" into the box.
    • Services: Use the drop-down menu to select Web Site Hosting and Payment Processing and select "Currently PCI Compliant".

    Once you are done, click Add. To continue, click Next at the bottom of the page.

3. Wizard

Select the following choices for each slide that you complete. They are listed in the order that you will answer them:

  1. Paper Documents with Credit Card Data
    • Select No, then click Next.
  2. Restrict Access to POS Devices
    • Select Yes, then click Next.
  3. Keep Track of POS Devices - Select ONLY the following boxes (pictured below):
    • The list includes all card-reading devices.
    • The list includes the device make and model, the location, and the serial number or similar identifier.
    • The list is kept up-to-date when devices are added, relocated, or removed from operation.

  4. Inspect POS Devices for Tampering
    • Select: Yes, then click Next.
  5. Sharing Card Data with Third-Parties
    • Select: No, then click Next.
  6. Maintain Written Security Policies
    • Select: Yes, then click Next.
  7. Define Security Responsibilities
    • Select Yes. Then click Next.
  8. Review Security Policies Annually
    • Select: Yes, then click Next.
  9. Computer and Device Usage - Select ONLY the following boxes (pictured below):
    • Require explicit approval by authorized parties to use the technologies.
    • Maintain a list of all such devices and personnel with access.
    • Specify locations the technology can be used and a description of acceptable business usage.

  10. Maintain an Incident Response Plan
    • Select Yes, then click Next.
  11. Restrict Sending of Credit Card Data
    • Select Yes, then click Next.
  12. Provide Security Training to Employees
    • Select Yes, then click Next.
  13. Recognize POS Device Tampering
    • Select Yes, then click Next.

4. Questionnaire

Select the following choices for each slide that you complete. They are shown in the order that you will answer them:

  1. Eligibility: Select ALL SIX checkboxes listed on the right-hand side of the page. Then click Next.
  2. System Settings - Select Not Applicable for both questions, then type "does not apply" into each text box (pictured below). Then, click Next.
    • Note: When Not Applicable is selected, the words "Not Applicable" will be highlighted in blue.

  3. Application and Systems Security - Select Not Applicable on both questions, then type "does not apply" into each text box. Then, click Next.
  4. Account Security - Select Yes on ALL questions (pictured below). Then, click Next.
  5. Physical Access Controls - Select Not Applicable on ALL NINE questions, then type "My business does not store credit card data in any form, either electronic or paper documents or receipts" into each text box (pictured below). Then, click Next.
  6. Security Policies and Procedures - Select Not Applicable on ALL FIVE questions, then type "My organization does not have any relationships with third-party companies where credit card data is shared or who could affect the security of the credit card environment" into each text box (pictured below). Then, click Next.
  7. Acknowledge and Submit
    • Select ALL FIVE checkboxes.
    • Select the Sign checkbox.
    • Type in "Admin" in the Title box.
    • Type in your name in the Executive Officer box.
    • Click Submit to complete the questionnaire.

5. Confirmation

Congratulations! You've completed the PCI Questionnaire. Be sure to download your Certificate of PCI Compliance (pictured below).

Finally, click on the blue PCI Home button, and you will be taken back to your PCI Home. There, you can view when your next certification is due, and see the current state of your questionnaire status.

Still need help? Contact Us