What is a PCI DSS Certification

How do I do a PCI DSS certification?


The Payment Card Industry Data Security Standard (PCI DSS) sets out the requirements for processing credit card transactions. PCI DSS is backed by the major credit card institutions with the aim of preventing the misuse and theft of card data.

If you would like to receive donations through credit card payments, SIX Payment Services will prompt you once a year to confirm that you comply with the requirements for secure credit card transactions.


First certification

1. Registration

On your first visit to the PCI DSS Merchant Compliance Portal (https://six.tuev-sued.com/six_merchant-portal/login?1) you must register. For this you need your customer number and the postal code of your company headquarters.

2. Classification

You can find the compliance overview on the home page. Two steps lead to your certificate and the associated label. The first step is the classification.

First select the type of your acceptance contract. In your case, it's e-commerce:

Then please enter the branch of your company: NGO.

Please do not change the number of transactions. SIX enters these figures automatically based on your actual transactions. The figures shown in the screenshot are only an example and are not part of your certification:

In the next window it makes sense to fill in the optional information. Fill in the name of the payment service provider (PSP) as well as the list of software / hardware used.

Your PSP's name is Datatrans and the type is iframe / redirect. For the name and provider / solution of the software / hardware, please enter RaiseNow:

The next questions relate to network segmentation. Since you are not using this in a way that affects your PCI DSS environment, you can tick 'No' here:

If your company has not been the target of an attack aimed at stealing card data in the past, you can also tick 'No' here with confidence:

You are using a RaiseNow web form and therefore choose the first item "Web form for a payment gateway or service provider" when asked about the use of a card data processing system in distance selling:

Now it is a matter of answering questions regarding the acceptance of donations with the web form. Please select the 'Answer' button:

The first question in this block of questions relates to the processing or storage of card data. Since the card data will not be saved, you can select 'No' here:

Since you do not use payment forms of your own (only those provided by RaiseNow), you can choose 'No' again here. Otherwise you would have to select 'Yes':

The next question relates to confirming the information given in the last three questions:

We recommend that you click on 'Next' here in order not to have to answer the same questions again:

In order to complete the classification and to be able to begin with the Self-Assessment Questionnaire, you have to confirm all of your information as well as your classification as merchant level 4:


3. Self-Assessment Questionnaire

After you have successfully completed the classification, you can start with the Self-Assessment Questionnaire (SAQ):


You can answer the question about physical media in the negative by entering 'RaiseNow software is in use' in the empty field:


Requirements 2, 8 and 12 must be answered with 'Yes'.

In the next step, your previous answers are summarised; you confirm them by ticking the box:

In order to complete the SAQ, some further information is required from you. Please tick each of the statements 1 to 3. For question 4 please choose 'No' and for question 5 'Yes'. You can choose German or English as the language of your SAQ report:

Now you can finally download your certificate and your label and save them for your records.


Renewal of certification

Your PCI DSS certification is valid for one year. Before it expires, you will receive a reminder from SIX to carry out your PCI DSS certification again.

Log in

Since you are already registered, the first step is to log in with your login details via the customer login:

1. Classification

You can find the compliance overview under the menu item 'Home'. Here you can carry out the classification again and answer the Self-Assessment Questionnaire.


Under Classification, select 'Details' and select 'New Classification':

You are now taken to the classification result from the previous year. Scroll to the end of the page and choose 'New Classification' rather than 'Apply Classification':

In the next step you will be asked to confirm your information and to click on 'Next':

The remaining steps are the same as in the original classification. Please scroll to the top of this article and follow the steps given there for the classification and the SAQ.