PCI FAQ
Questions & answers about PCI
Content
» General Questions
» Registration & Certification Procedure
» Technical Requirements for using the PCI DSS Platform
» Self Assessment Questionnaire (SAQ)
» Scanning Process
» Use of the usd PCI DSS Platform
PCI Terms and Acronyms
We have compiled an overview of the most important terms and acronyms from the world of PCI.
General questions
What is the PCI DSS?
Which credit card organizations accept certification according to the PCI Data Security Standard?
Almost all large credit card organizations like VISA, MasterCard, American Express, JCB, Discover accept certification according to the PCI Data Security Standard.
Who must be certified according to the PCI Standard?
For e-commerce merchants, service providers and acquirers, the certification of their systems by accredited providers has been made mandatory by the credit organizations, if they save and process credit card data or pass it on to third parties.
When do I store, process or forward credit card data?
I work together with a payment service provider which has taken over all settlement tasks for me. Do I still have to be certified according to the PCI Security Standard?
If you store credit card data on your systems or forward it via your systems, you are required to be certified. If you are not sure, please ask your acquirer or our PCI Competence Center.
Does MasterCard or VISA provide information online regarding the topic of PCI?
Detailed information can be found here:
- Mastercard: http://www.mastercard.com/us/sdp/index.html
- Visa: https://www.visa.com.bs/run-your-business/small-business/information-security/ais-program.html
- PCI Security Standards Council: http://www.pcisecuritystandards.org
According to what guidelines is a merchant and/or service provider classified?
The merchant and/or service provider is classified according to the guidelines of the credit card organizations. An essential factor for the classification is the annual transaction volume. Detailed information can be found here: MasterCard / VISA / American Express.
Registration & certification procedure
How can I sign up?
Just register via the usd PCI DSS Platform. After successful registration, an employee of our PCI Competence Center will call you and discuss all further steps with you.
How long does registration via the usd PCI DSS Platform take?
Registration takes about 10 minutes.
How does the certification work via the PCI DSS Platform?
Depending on the annual number of transactions, a merchant or service provider goes through various certification measures. For one, you must fill in a Self-Assessment Questionnaire. For another, PCI security scans are performed on the external IT systems of the merchant or service provider.
What are the fees for signing up?
You can sign up for usd PCI DSS Platform free of charge.
What does certification cost?
The price for certification is determined by the level classification of the merchant or service provider and the number of annual security scans thus determined. We will be happy to provide you with detailed information about our services and prices. Please contact us.
Do the costs for a security scan depend on the number of my IP addresses?
You can find details about our services and prices here or please contact the usd PCI Competence Center.
The first security scan showed that my systems are not compliant with PCI. Do additional costs arise for another scan after I have closed the security gaps in my system?
If your scan has not resulted in compliance, you have the possibility to have your IP addresses rescanned free of charge within four weeks to eliminate vulnerabilities and achieve PCI Compliance.
Technical requirements for using the PCI DSS platform
Which technical requirements must be met for the use of the PCI DSS Platform?
The following technical requirements must be met for the use of the PCI DSS Platform: Browser: IE (Internet Explorer) 6.x or Mozilla Firefox 1.x, and Acrobat Reader 4.x or later. Please activate JavaScript. In addition, we recommend the activation of cookies.
For what are cookies used?
Which systems have to be checked during a PCI security scan?
Which technical requirements must be met to make a security scan by usd AG possible?
Self assessment questionnaire (SAQ)
Do all questions of the Self-Assessment Questionnaire have to be answered?
Which topics does the Self-Assessment Questionnaire include?
The Questionnaire addresses the 12 main requirements of the PCI Data Security Standard (PCI DSS).
Is there a German version of the Self-Assessment Questionnaire?
No, to avoid linguistic imprecision, the questions are asked and should be answered only in English.
Scanning process
Can I define the time of the security scan myself?
Yes, in principle you can choose the time freely and set the date yourself via the PCI DSS Platform. We recommend that you plan your security scan early so that we can reserve the corresponding resources for your desired date. A binding registration for scanning must take place at least three days before your planned date.
Which information do I obtain after a security scan has been performed?
After finishing a security scan, you will be informed by e-mail at a previously defined e-mail address. After that, the reports (executive summary and technical report) will be created in *.pdf format. You will be able to download these reports from the platform.
How long does the actual scanning process last?
The duration of a security scan depends on the number and type of the services that can be reached on the target system. In general, however, a security scan lasts about 1 hour per IP address.
How are my systems checked over the Internet?
Are my systems hacked during the security scan?
Does the scan make a break-in attempt on my system?
The scanning method we use does not have the objective of “breaking into” the target system; it is merely a means of determining weaknesses in its configuration using information that the respective target systems themselves provide. This kind of data collection is similar to the preparation an external attacker would carry out before an attack on your system, but only the people you authorize obtain access to this data.
What happens if a security scan is not successful?
In this case, we inform you by e-mail that the scan was not successful and, in a *.pdf report, give you recommendations on how to change the configuration of your systems to permit a successful scan. After corresponding measures have been taken, a rescan can be planned. This rescan will check all IP addresses specified for the scan again to reach an overall successful result.
Use of the PCI DSS platform
I have forgotten my password
On the login page you will find the “Forgotten your password?” function. Just click this function to obtain a new password from us by e-mail.
I accidentally entered incorrect data during registration.
Log in to the PCI DSS Platform and select the “my account” area. Here you can change all data that refers to your customer account.
My company data has changed. What do I have to do?
Log in to the PCI DSS Platform and select the “my account” area. Here you can change all data that refers to your customer account.
The language settings change even though I have selected a certain language.
Make sure that you have activated cookies in your browser.