English (US) Deutsch Français

Articles in this section

See more

How do I do a PCI DSS certification?

Avatar
Ann-Kristin Reiff
  • Updated
Follow

 

Create your own PCI DSS certification

The Payment Card Industry Data Service Standard (PCI DSS) is a set of requirements for the processing of credit card transactions. The PCI DSS is supported by major credit card issuers with the aim of avoiding misuse and theft of data.

If you would like to receive donations via credit card payments, you will be asked annually by SIX Payment Services to confirm the fulfilment of the requirements for secure credit card transactions.

 

First certification

1. Registration

For your first visit to the PCI DSS Merchant Compliance Portal (https://six.tuev-sued.com/six_merchant-portal/login?1), you need to register first. For this you need your customer number and the postal code of the company headquarters.

Bildschirmfoto_2018-01-30_um_16.18.16.png

2. Classification

On the home page you can find the compliance overview. It takes two steps to your certificate and associated label. The first step is the classification.

First select the type of acceptance contract. In your case, it's e-commerce:

Bildschirmfoto_2018-01-30_um_15.10.35.png

Then please enter the industry of your company, namely NGO:

Bildschirmfoto_2018-01-30_um_15.11.22.png

Please do not change the number of transactions. These numbers are automatically entered by SIX based on your transactions. The numbers shown in the picture are an example only and do not belong in your certification:

Bildschirmfoto_2018-01-30_um_15.32.51.png

Now it makes sense to fill out the optional information in the next window. Fill in the name of the payment service provider (PSP) as well as the list of software / hardware used.

Name of your PSP is Datatrans and the type is iframe / redirect. For the name and provider / solution of the software / hardware please enter RaiseNow:

Bildschirmfoto_2018-01-30_um_15.44.35.png

The next question is related to network segmentation. Since you are not using them in a way that affects your PCI DSS environment, you can tick 'No' here:

Bildschirmfoto_2018-01-30_um_15.55.22.png

If in the past there was no attack on your company for theft of card data, you can also tick 'No' here:

Bildschirmfoto_2018-01-30_um_15.56.21.png

You are using a RaiseNow web form and therefore choose the first item "Web form of a payment gateway or service provider" when asking about the use of card data processing systems in the distance business:

Bildschirmfoto_2018-01-30_um_15.57.14.png

Now it's about answering questions about accepting donations with the web form. Please choose the button 'Answer':

Bildschirmfoto_2018-01-30_um_15.59.19.png

The first question in this questionnaire relates to the processing or storage of map data. Since the map data is not saved, you can choose 'No' here:

Bildschirmfoto_2018-01-30_um_16.00.06.png

Since you do not have your own payment forms (none of them from RaiseNow), you can choose 'No' again. Otherwise you have to select 'Yes' here:

Bildschirmfoto_2018-01-30_um_16.01.01.png

The next question concerns the confirmation of the last three questions:

Bildschirmfoto_2018-01-30_um_16.01.52.png

We recommend clicking on 'Next' here to avoid having to answer the same questions again:

Bildschirmfoto_2018-01-30_um_16.02.54.png

To complete the classification and start the self-assessment questionnaire, you must confirm all of your details, as well as your Level 4 classification:

Bildschirmfoto_2018-01-30_um_16.03.49.png

3. Self-Assessment Questionnaire

After successfully completing the classification, you can start the Self-Assessment Questionnaire (SAQ):

Bildschirmfoto_2018-01-30_um_16.05.07.png

You can negate the question of physical media by tapping into the empty window 'RaiseNow Software is being used':

Bildschirmfoto_2018-01-30_um_16.10.10.png

 

Answer the requirements 2, 8 and 12 with 'yes'.

Bildschirmfoto_2018-01-30_um_16.11.55.png

Bildschirmfoto_2018-01-30_um_16.12.17.png

Bildschirmfoto_2018-01-30_um_16.12.34.png

 

 

As a next step, you will be presented a summary of your previous answers, which you can then confirm by setting a check mark:

Bildschirmfoto_2018-01-30_um_16.15.31.png

To complete the SAQ, you will need more information. Please put a check mark after the statements 1 to 3. For question 4 please choose 'No' and for question 5 'Yes'. For the language of your SAQ report you can choose between German and English:

Bildschirmfoto_2018-01-30_um_16.15.48.png

Now you can finally download your certificate as well as your label and save it for your records.

 

Renewal of certification

Your PCI DSS certification is valid for one year. Before the runtime expires, you'll be reminded by SIX to rerun your PCI DSS.

Login

Since you have already registered, you can log in with your login data via the customer login in a first step:

Bildschirmfoto_2018-01-30_um_10.36.03.png

1. Classification

You can find the compliance overview under the menu item 'Home'. Here you can again perform a classification and answer the self-assessment questionnaire.

Bildschirmfoto_2018-01-30_um_16.20.58.png

 

Under the item Classification select 'Details' and select 'New Classification'.

Bildschirmfoto_2018-01-30_um_16.45.53.png

Now you get to the classification result from the previous year. Please scroll down to the bottom of this page and select 'New Classification' instead of 'Apply Classification'.

Bildschirmfoto_2018-01-30_um_16.46.46.png

 

In a next step, you will be asked to confirm your entry and click on 'Next'.

 

Bildschirmfoto_2018-01-30_um_16.47.29.png

 

The next steps correspond to the steps of the past classification. Please scroll to the top of this article and follow the steps for the classification and the SAQ.

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.