PCI Tutorial

You must complete a PCI compliance Self Assessment Questionnaire (SAQ) once a year in order to be PCI compliant and avoid paying a monthly non-compliance fee. Even if you are not actively using eCatholic Payments at the moment, your CardConnect account is still subject to compliance. To get started with the SAQ, follow the instructions below.

There are two ways to get started:

  1. Log into your CardPointe account (if you have access to a CardPointe account)
  2. Create a SecureTrust account (if you do not yet have access to a CardPointe account)
1. Log into your CardPointe account (pictured below)

  1. Log into your CardPointe account by visiting www.cardpointe.com/account (pictured below).
  2. If you have not registered your account yet, you may do so by visiting cardpointe.com/account/registration#/registration (pictured below). You will need the MID that is in your PCI email.
  3. Once you are logged in, click on "My Account". Under PCI Status, click the hyperlink labeled "Not Compliant" (pictured below) in line with your main Merchant ID.
  4. After you click on "Not Compliant", you will be redirected to the SecureTrust website to start* the PCI Compliance process.
    *NOTE: When you are redirected to the PCI Compliance process, click on "Guide Me" to begin the tutorial. You can now skip ahead to the Complete the PCI Questionnaire portion of this Help Article below.
2. Create a SecureTrust account (pictured below)

  1. You can get started using this link: https://pci.securetrust.com/cardconnect. Click "Get Started" to register as a new user (pictured below), and follow the steps below.

    NOTE: If you've completed the questionnaire in previous years and already have a username and password, click "Login" instead, and skip to Complete the PCI Questionnaire.

  2. Begin by entering your Business Information and Primary Contact Information. When you are done, click Next.

  3. Then, create your SecureTrust account credentials and choose three security questions. Be sure to keep this information in a safe place, as you will need it again next year to renew your PCI Compliance Questionnaire.
  4. To continue on to the PCI Questionnaire, click the blue Continue button on the bottom right of your web browser.
  5. Choose Guide Me to begin the PCI Questionnaire. 

Complete the PCI Questionnaire

The PCI Questionnaire is broken up into 5 sections. You may save and exit the questionnaire at any time during the process. Your work will be saved so that you can come back and finish at any time. However, we recommend completing the entire questionnaire in one sitting.

The instructions below are broken up by section:

  1. PCI Profile
  2. Company Profile
  3. Wizard
  4. Questionnaire
  5. Confirmation
1. PCI Profile

Select the following answers for each slide that you complete. They are listed in the order that you will answer them:

  1. What Are The Ways You Accept Credit Card Payments
    • ONLY select: My business has a website where payments with a credit card are made online. Then, click Next.

  2. Credit Card Data Storage
    • Select: None of the above - I never store credit card data. Then click Next.

  3. Web Site Control
    • Select: No - a third-party service provider handles ALL administration. Then click Next.

  4. Review your PCI Profile Summary. Then click Next.
    STOP! Make sure the Annual Questionnaire listed under Included Tools is Self Assessment Questionnaire "A" (pictured below). If it is any other version, click the "Change PCI Profile" button at the bottom and make sure your PCI Profile answers match those given above.

2. Company Profile

  1. Review the listed Contact Details and verify that they are correct. Then click Next.
  2. Review your Account Details.

    Under the General Info section, be sure to review or complete the following:

    • Industry
    • Primary Contact
    • Mailing Address
    • City
    • Country
    • State/Province
    • ZIP/Postal Code

    Under the Additional Info section, fill out the following:

    • Service Providers: Yes
    • Multiple Acquirers: No
    • Payment Card Activity: Type in "Merchant is e-commerce and outsources all credit card processing".
    • Environment Under Assessment: Type in "All processing is done through third-party software."

    Click Next when you are done.

  3. Status Reporting. Verify that your merchant ID number is correct. Then click Next.
  4. Websites. Type in the website URL where you will be taking donations and payments, check the box asserting your organization "has full authority to allow TrustWave to monitor the above website", and then click ADD.

    *Please note that if you are using a newer top-level domain such as .church or .school, you may need to enter the full URL with the HTTP:// or HTTPS://.
    If you are using more than one website to receive donations and payments with this merchant account, repeat this step until you have added every website you will be actively using.

    Once you are finished, the domains that you added will be listed in your window (pictured below).

    After you verify that all the correct URLs are listed, click Next.

  5. Service Providers. Next, add eCatholic as your service provider (pictured below).
  6. Under Company, use the following information:

    • Company: Select No match, add new and type "eCatholic" into the box.
    • Services: Use the drop-down menu to select Web Site Hosting and Payment Processing and select "Currently PCI Compliant".
    • Once you are done, click Add. Note: You may not see "eCatholic" appear in the list after clicking Add, but you can continue anyway.

    Click Next at the bottom of the page.

3. Wizard

Select the following choices for each slide that you complete. They are listed in the order that you will answer them:

  1. Paper Documents with Credit Card Data
    • Select No, then click Next.
  2. Restrict Access to POS Devices
    • Select Yes, then click Next.
  3. Keep Track of POS Devices - Select ONLY the following boxes (pictured below):
    • The list includes all card-reading devices.
    • The list includes the device make and model, the location, and the serial number or similar identifier.
    • The list is kept up-to-date when devices are added, relocated, or removed from operation.

  4. Inspect POS Devices for Tampering
    • Select: Yes, then click Next.
  5. Sharing Card Data with Third-Parties
    • Select: No, then click Next.
  6. Maintain Written Security Policies
    • Select: Yes, then click Next.
  7. Define Security Responsibilities
    • Select Yes. Then click Next.
  8. Review Security Policies Annually
    • Select: Yes, then click Next.
  9. Computer and Device Usage - Select ONLY the following boxes (pictured below):
    • Require explicit approval by authorized parties to use the technologies.
    • Maintain a list of all such devices and personnel with access.
    • Specify locations the technology can be used and a description of acceptable business usage.

  10. Maintain an Incident Response Plan
    • Select Yes, then click Next.
  11. Restrict Sending of Credit Card Data
    • Select Yes, then click Next.
  12. Provide Security Training to Employees
    • Select Yes, then click Next.
  13. Recognize POS Device Tampering
    • Select Yes, then click Next.
4. Questionnaire

Select the following choices for each slide that you complete. They are shown in the order that you will answer them:

  1. Eligibility: Select ALL SIX checkboxes listed on the right-hand side of the page. Then click Next.
  2. System Settings - Select Not Applicable for both questions, and type "does not apply" into each text box (pictured below). Then, click Next.
    Note: When Not Applicable is selected, the words "Not Applicable" will be highlighted in blue.

  3. Application and Systems Security - Select Not Applicable on both questions, and type "does not apply" into each text box. Then, click Next.
  4. Account Security - Select Yes on ALL questions (pictured below). Then, click Next.
  5. Physical Access Controls - Select Not Applicable on ALL NINE questions, and type "My business does not store credit card data in any form, either electronic or paper documents or receipts" into each text box (pictured below). Then, click Next.
  6. Security Policies and Procedures - Select Not Applicable on ALL FIVE questions, and type "My organization does not have any relationships with third-party companies where credit card data is shared or who could affect the security of the credit card environment" into each text box (pictured below). The sixth question (12.10.1 (a)) will already say "Yes"; leave this unchanged. Then, click Next.
  7. Acknowledge and Submit
    • Select ALL FIVE checkboxes.
    • Select the Sign checkbox
    • Type in "Admin" in the Title box.
    • Type in your name in the Executive Officer box.
    • Click Submit to complete the questionnaire.

5. Confirmation

Congratulations! You've completed the PCI Questionnaire. Be sure to download your Certificate of PCI Compliance (pictured below).

Finally, click on the blue PCI Home button, and you will be taken back to your PCI Home. There, you can view when your next certification is due and see the current status of your questionnaire.

Still need help? Contact Us