Create your own PCI DSS certification
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for the processing of credit card transactions. The PCI DSS is supported by major credit card issuers with the aim of avoiding misuse and theft of data.
If you would like to receive donations via credit card payments, you will be asked annually by SIX Payment Services to confirm the fulfilment of the requirements for secure credit card transactions.
First certification
1. Registration
On your first visit to the PCI DSS Merchant Compliance Portal (https://six.tuev-sued.com/six_merchant-portal/login?1), you need to register. For this you need your customer number and the postal code of the company headquarters.
2. Classification
On the home page you can find the compliance overview. It takes two steps to obtain your certificate and the associated label. The first step is the classification.
First select the type of acceptance contract. In your case, it's e-commerce:
Then please enter the industry of your company, namely NGO:
Please do not change the number of transactions. These numbers are automatically entered by SIX based on your transactions. The numbers shown in the picture are an example only and do not belong in your certification:
Now it makes sense to fill out the optional information in the next window. Fill in the name of the payment service provider (PSP) as well as the list of software / hardware used.
The name of your PSP is Datatrans and the type is iframe / redirect. For the name and provider / solution of the software / hardware please enter RaiseNow:
The next question is related to network segmentation. Since you are not using network segmentation in a way that affects your PCI DSS environment, you can tick 'No' here:
If in the past there was no attack on your company for theft of card data, you can also tick 'No' here:
You are using a RaiseNow web form and therefore choose the first item "Web form of a payment gateway or service provider" when asked about the use of card data processing systems in the distance business:
Next, you answer questions about accepting donations with the web form. Please choose the button 'Answer':
The first question in this questionnaire relates to the processing or storage of card data. Since the card data is not saved, you can choose 'No' here:
Since you do not have your own payment forms (that is, none apart from those provided by RaiseNow), you can choose 'No' again. Otherwise you have to select 'Yes' here:
The next question concerns the confirmation of the last three questions:
We recommend clicking on 'Next' here to avoid having to answer the same questions again:
To complete the classification and start the self-assessment questionnaire, you must confirm all of your details, as well as your Level 4 classification:
3. Self-Assessment Questionnaire
After successfully completing the classification, you can start the Self-Assessment Questionnaire (SAQ):
You can answer 'No' to the question about physical media and type 'RaiseNow Software is being used' into the empty field:
Answer the requirements 2, 8 and 12 with 'yes'.
As a next step, you will be presented with a summary of your previous answers, which you can then confirm by setting a check mark:
To complete the SAQ, you will need more information. Please put a check mark after the statements 1 to 3. For question 4 please choose 'No' and for question 5 'Yes'. For the language of your SAQ report you can choose between German and English:
Now you can finally download your certificate as well as your label and save them for your records.
Renewal of certification
Your PCI DSS certification is valid for one year. Before the validity period expires, SIX will remind you to renew your PCI DSS certification.
Login
Since you have already registered, the first step is to log in with your login data via the customer login:
1. Classification
You can find the compliance overview under the menu item 'Home'. Here you can again perform a classification and answer the self-assessment questionnaire.
Under the item Classification select 'Details' and select 'New Classification'.
You now see the classification result from the previous year. Please scroll down to the bottom of this page and select 'New Classification' instead of 'Apply Classification'.
In the next step, you will be asked to confirm your entry and click on 'Next'.
The next steps correspond to the steps of the first classification. Please scroll to the top of this article and follow the steps for the classification and the SAQ.