PCI Tutorial

A Guide to the Trustwave PCI Compliance Questionnaire

You must complete a PCI compliance Self Assessment Questionnaire (SAQ) once a year in order to be PCI compliant and avoid paying a monthly noncompliance fee. To get started with the SAQ, follow the instructions below.

Note: The PCI Compliance Questionnaire has recently been updated. The steps and screenshots showcased in this guide do not exactly reflect the current questionnaire. We are currently in the process of updating this guide, and should have a completed guide by August 15, 2020.

If you have any questions, or would like to be notified when this guide has been updated to reflect the correct questionnaire, please contact payments@ecatholic.com.


Access the "Get Started" page for Trustwave (pictured in screenshot below)

  1. You can get started using this link: https://pci.trustwave.com/cardconnect

    NOTE: If prompted, you may need to enable Adobe Flash Player to proceed with the account registration process.

  2. Begin the registration process

  3. On the following screen, click WEBSITE, then NEXT:  

  4. Identify the SAQ version you completed (this portion may or may not appear; if it does not, continue below).

    Next, select the SAQ With No Scan option (illustrated below). Click Continue to proceed.

  5. Create your user account: Finally, enter a username, password, and complete the account security questions. To finish your registration, click the green Register button.  


PCI Compliance Overview

Once the PCI Compliance Questionnaire opens, complete the Tell us about your business section as follows:

  • How do you accept credit cards? Select Website, then click Next.

  • Where are credit card numbers collected? Select A Third-Party, then click Continue.

Then, you'll return to the Overview screen. Click Next to proceed to the Merchant Profile section.


Merchant Profile

To begin completing your Merchant Profile, enter your information into the General Info section as follows:

  • Industry: Use the drop-down menu to select your industry. (Charitable Organizations is a commonly selected choice.)
  • Secondary Contact: If needed, you can add a Secondary Contact for your profile.
  • Verify and/or edit other details as needed.

Within the Additional Info section, select the following:

  • Service Providers: Yes
  • Multiple Acquirers: No
  • Payment Card Activity: Type in "Merchant is e-commerce and outsources all credit card processing".
  • Environment Under Assessment: Type in "All processing is done through third party software."

Once finished, click Next. Then on the PCI Assessment and Status Reporting screen, simply confirm your Merchant ID and click Next to proceed.


Business Environment

Next, you'll need to Verify Your Card Acceptance Information. Verify that the following items are correct, then click Next.

  • In Person Purchases: No
  • Mail or Telephone Orders: No
  • Website Orders: Yes
  • Other Details: Your web site redirects customers to a third-party (service provider) to take credit cards from customers and process payments. Your customers never enter credit card numbers on your own web site directly.

Then click Add Web Site to enter your domain name (e.g., myparish.com). Once entered, click Save. Then click Next.

To continue, click Add Service Provider and complete the following steps:

  1. Use the Service Provider field to enter eCatholic.
  2. Click Search.
  3. Click No Match, then select Add New.
  4. Under Services Provided, use the drop-down menu to select Web Site Hosting and Payment Processing.
  5. Verify that the PCI Compliant option is set to Yes. Click Save and Next to proceed.



Once you arrive at the fourth section, verify that Step-By-Step is selected, then click Next. Complete the subsequent sections as follows:

Card Data Storage & Processing 

  • Credit Card Data Storage: Select None of the above - I never store credit card data. Click Next. 

  • Website Control: Select No - a third-party service provider handles ALL administration. Click Next, then click Continue.

Physical Security

You may need to click Begin to proceed.

  • Paper Documents with Credit Card Data: Select No. Click Next, then click Continue.

Security Policies

  • Sharing Card Data with Third-Parties: Select No. Click Next.
  • Maintain Written Security Policies: Select Yes (the first item listed). You will then be sent general information about not storing credit card data. Click Next.
  • Define Security Responsibilities: Select Yes, even if the scenario of having other employees and contractors does not apply to your organization. Click Next.
  • Review Security Policies Annually: Select Yes. Click Next.
  • Computer and Device Usage: Check the top three items. Click Next.

  • Maintain an Incident Response Plan: Select Yes. Click Next.

You'll then be prompted to review your submission; click Next Section to proceed.


System Settings

Since eCatholic Payments does not require you to install anything on your network, click N/A for questions 2.1 (a) and 2.1 (b). In the comments box, enter Does not apply for each item (pictured below). Click Next Section to proceed.

Application and Systems Security

Account Security Questions

  • 8.1.1: Select Yes.
  • 8.1.3: Select Yes.
  • 8.2: Select Yes.
  • 8.2.3 (a): Select Yes.
  • 8.5: Select Yes.

Then, click Acknowledge and Submit (pictured below).

Physical Access Controls

Security Policies and Procedures


Lastly, you'll need to complete the Confirmation of Compliant Status as follows:

  1. Verify/check all five statements.
  2. Use the checkbox to sign the acknowledgement.
  3. Enter your title.
  4. Enter your full name in the Merchant Executive Officer field.

Once finished, click Submit.

As a final step:

  1. Click Visit Your PCI Dashboard. Notice that your next PCI Certification Deadline will be one year from the date you completed the questionnaire.
  2. Go to Certificate of Compliance and use the Click here link (pictured below) to save a copy of the certificate to your hard drive.
