As an organization, you have the privilege and convenience of receiving donations and payments by credit card. This capability provides ease, security, and often, consistency for your donors as they partner with your ministry financially.
As an added layer of service, we are proud to offer a Payment Card Industry (PCI) Compliance program via Aperia, a qualified security assessor. This program will ensure your compliance with PCI’s security standards.
The Payment Card Industry Data Security Standards or PCI DSS is a set of requirements to ensure that you follow these best practices to protect your cardholders’ information. Formed in 2004 by the five major card brands (Visa, MasterCard, American Express, Discover, and JCB International), compliance with PCI DSS is required of all who accept credit cards.
We selected Aperia for its easy-to-use tools and excellent customer service. They can assist you in completing the appropriate Self-Assessment Questionnaire and assist with any scan requirements. As an Approved Scanning Vendor (ASV), Aperia is a leading provider of PCI security solutions and will be an invaluable resource to you and your organization as you work towards and maintain your compliance with PCI.
How to Validate Your PCI Compliance Through Aperia:
PCI Self-Assessment Questionnaire (SAQ)
You will complete your SAQ yearly through Aperia’s PCI Apply solution as a merchant. You will be directed to the SAQ that applies to how your organization processes credit card transactions when you log in. If needed, you have access to Aperia support to assist you as you complete your questionnaire. Once completed, the system will produce your Attestation of Compliance and Certificate of Validation. The system does make available access to Security Policies for your organization to use should you not already have one.
Network Scans
Aperia will help you determine if network scans are required for your organization.
Should network scans be required, Aperia will conduct an external vulnerability scan, evaluating your IP(s) from a hacker’s point of view to detect potential vulnerabilities in your network. No scan will interfere with your operations and there is nothing you must do internally to accommodate the external scan. Further, scans can be scheduled ahead of time or processed on-demand; quarterly scan validation reports are created and submitted to Payment Brands on your behalf.
Reporting & Attestation of PCI Compliance
Annually, you will attest your compliance with PCI through your Aperia account. Email communications will alert you as to your SAQ re-assessment each year and, if necessary, your quarterly scan requirement.
You can accomplish this by logging into your account and attesting your compliance with PCI (acknowledgment is completed with your electronic signature). Your certificate of PCI Compliance can be printed and stored along with a copy of your security policy. We are automatically notified of your compliance status, so there are no additional steps required on your part.
Aperia support is available to assist you at 877-200-6940 or via live chat within your Aperia PCI Apply account.
FAQs
What does PCI Compliance mean?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure the security of credit card transactions. These security standards provide the guidelines for operational standards and best practices for accepting credit card payments. As a merchant (an organization who has the means to process credit card transactions) you are required to handle credit card information in a secure manner. As you completed your Self-Assessment Questionnaire (SAQ) through Aperia, you will be able to validate that you are meeting the requirements of PCI.
PCI Compliance also applies to us as a Service Provider, we are proud to be validated Level 1 PCI Compliant. This means we meet the highest standard of security as set forth by the PCI Council.
We are PCI Compliant through a different vendor. Does that mean we need to complete compliance with Aperia as well?
If you have already validated your compliance with PCI through another Qualified Security Assessor, you can provide us with your current certificate of compliance.
We don’t ever see or possess card numbers; everything is done by the donors online. Is this still necessary?
The PCI Council requires that all merchants are PCI Compliant. As you complete your questionnaire you will outline the ways in which you currently process credit card transactions. Based on your answers, Aperia will provide you with the correct Self-Assessment Questionnaire for you to complete. For example, if you only have transactions processing through your website through your online giving solution and you do not take transactions over the phone or via snail-mail, your questionnaire will not include questions related to processing transactions of this type. The questionnaire will be specific to your processing needs. Even the simplest processing methods are required to be compliant with PCI.
What if I need assistance with my Aperia account of have additional questions about compliance?
Aperia support is available to assist you at 877-200-6940 or via live chat within your Aperia PCI Apply account. Let them know what questions you have, and they will address your questions and help you complete your validation.
Updated