Frequently Asked Question
PCI DSS Questionnaire Help
Last Updated 6 years ago
If you are unsure of the answer to some of the questions asked on the PCI DSS Card Not Present questionnaire issued by Clearent, please refer to the following:
4. Do you take orders or accept payments using payment gateways or websites?
YES
Please list the provider(s) and describe the relationship(s). THE SOFTWARE IS VERSION 7.0/8.0 (if you have a black login box, you are on v8.0 or above. The version should also be listed at the bottom of the page for newer versions. Otherwise you're on v7.0).
5. Do you have validation that these providers are in compliance with the PCI DSS?
YES
7. Do you have firewalls that prevent access to cardholder data from the public Internet?
YES
8. Do the firewalls prevent any public access between the public Internet and the systems where credit card, debit card and/or other payment card data is processed, stored or managed?
YES
9. Do you maintain secure passwords for system access?
YES
10. Are all passwords changed on a regular basis?
YES
11. Are vendor supplied default settings pertaining to security changed immediately?
YES
12. Are vendor supplied passwords changed immediately?
YES
14. Does your system deploy any Wi-Fi technology?
NO
15. If your system employs Wi-Fi, are all Wi-Fi communications encrypted?
NOT APPLICABLE
16. Is all credit card, debit card and/or other payment card data stored by your software or system provider?
YES
17. Is any credit card, debit card and/or other payment card data stored on your servers, hardware or system?
NO
18. Is all credit card, debit card and/or other payment card data encrypted when being transmitted to your provider?
YES
19. Is access to the data restricted and limited to only those with a need to know?
YES
20. Are security controls, limitations, network connections, and restrictions tested annually?
YES
21. Do you self-test, or do you employ a third party to complete your security testing?
THIRD PARTY
22. If requested, can you provide a copy of their audit report?
YES
23. Do you perform quarterly system scans to test the ability to prevent unauthorized system access? For Level 1, 2 and 3 merchants, the PCI DSS requires quarterly network scans by an approved scan vendor.
YES
24. Do you have a written security policy that is reviewed annually and is required reading by all employees?
YES
25. Does your security policy state that all third parties you use must be in compliance with the PCI DSS?
YES
26. Do all written agreements with vendors establish that the vendors who store data on your behalf assume responsibility for the security of such data?
YES
Any question not present on this list is a question about your business that must be answered by the owner of the business.