PCI DSS Questionnaire Help
Posted by Matt Marler on 11 February 2011 12:00 PM

If you are unsure of the answer to some of the questions asked on the PCI DSS Card Not Present questionnaire issued by Clearent, please refer to the following:

4. Do you take orders or accept payments using payment gateways or websites?
Yes

Please list the provider(s) and describe the relationship(s).
The software is version 7.0/8.0 (if you have a black login box, you are on v8.0; otherwise you are on v7.0).

5. Do you have Validation that These Providers are in compliance with the PCI DSS?
Yes

7. Do you have firewalls that prevent access to cardholder data from the public Internet?
Yes

8. Do the firewalls prevent any public access between the public Internet and any system where credit card, debit card and/or other payment card data is processed, stored or managed?
Yes

9. Do you maintain secure passwords for system access?
Yes

10. Are all passwords changed on a regular basis?
Yes

11. Are vendor supplied default settings pertaining to security changed immediately?
Yes

12. Are vendor supplied passwords changed immediately?
Yes

14. Does your system deploy any Wi-Fi technology?
No

15. If your system employs Wi-Fi, are all Wi-Fi communications encrypted?
Not Applicable

16. Is all credit card, debit card and/or other payment card data stored by your software or system provider?
Yes

17. Is any credit card, debit card and/or other payment card data stored on your servers, hardware or system?
No

18. Is all credit card, debit card and/or other payment card data encrypted when being transmitted to your provider?
Yes

19. Is access to the data restricted and limited to only those with a need to know?
Yes

20. Are security controls, limitations, network connections, and restrictions tested annually?
Yes

21. Do you self test or do you employ a third party to complete your security testing?
Third Party

22. If requested, can you provide a copy of their audit report?
Yes

23. Do you perform quarterly system scans to test the ability to prevent unauthorized system access? For Level 1, 2 and 3 merchants, the PCI DSS requires quarterly network scans by an approved scan vendor.
Yes

24. Do you have a written security policy that is reviewed annually and is required reading by all employees?
Yes

25. Does your security policy state that all third parties you use must be in compliance with the PCI DSS?
Yes

26. Do all written agreements with vendors establish that the vendors who store data on your behalf assume responsibility for the security of such data?
Yes

Any question not present on this list is a question about your business that must be answered by the business owner.
