PCI Compliance Questionnaire

Below are the step-by-step questions and answers for completing the PCI Compliance questionnaire and becoming PCI Compliant.

Q. How do you accept payment cards?
A. e-Commerce store

Q. Where is your e-Commerce website hosted?
Q. Do you use a third-party hosting company to host your website?
A. Yes

Your website hosting company
A. Select or add your website hosting company – WordPress, Squarespace, GoDaddy, etc.

Your e-Commerce payment processing
Q. Are your online customers redirected from your company's website to a payment gateway/processor hosted payment page/iFrame to process card payments?
A. Yes

Q. Do you provide your customers with the ability to enter payment card data directly into your website(s) for processing?
A. No

Q. Who developed your e-Commerce store?
A. Developed and built within my organization

Q. Your payment service provider
A. First Data Integrated Payment Systems

Is your Payment Service Provider PCI Compliant?
Q. Can you verify or provide proof that your Payment Service Provider is PCI Compliant for the services they provide?
A. Yes

Q. Have you verified with your PSP that they do not pass card data back to your payment application or website?
A. Yes

Your website shopping cart
A. Select or add your website hosting company – WordPress, Squarespace, GoDaddy, etc.

Other uses of card numbers
Q. Does anyone in your organization send or receive full card numbers via email or instant messaging?
A. No

Q. Does your company otherwise store, transmit or receive cardholder data electronically in any other way and for any other purpose? This could be via CD-ROM, USB drive or an internet network.
A. No

Your company policy for information security
A. I already have an Information Security Policy in place that covers ALL of the relevant clauses of the Payment Card Industry Data Security Standard.

Complete the Security Questions.
The answer to each should be Yes.

Please provide the information requested below. This will form part of your Attestation of Compliance:

Q. List your business premises type(s) and a summary of locations that are relevant to your PCI DSS assessment (e.g. retail outlets, corporate offices, data centres, call centres, etc.)
A. Corporate office. Payments are accepted online.

Q. How and in what capacity does your business store, process and/or transmit cardholder data?
A. Payment information is taken on our secure and compliant online payment page.

Q. Provide a high-level description of your overall business environment applicable to your PCI DSS assessment. For example, describe the type of equipment you use for card processing, storage and transmission, such as POS devices and any databases and web servers, and include a description of how they connect both externally and to any internal systems.
A. Our organization uses payment forms provided by our payment processor and all payments are taken on their secure pages. Payments are made by the cardholder and we do not touch or store card data. Our payment pages are linked on our website for our donors to access.