PCI Compliance – IR Responses to SAQ C

This document provides you with a response from Intelligent Retail for the questions within the “Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance” (Version 1.2 October 2008).

Intelligent Retail cannot answer the questions for you, but we have provided this to lend a helping hand. There are some questions within the questionnaire where Intelligent Retail can offer no assistance; where this is the case, it is indicated by the statement “This is down to your interpretation”. We also recommend you read our Helpsheet – PCI Compliance Q&A.

If you have questions about PCI compliance or about filling in forms, you should talk to your Payment Service Provider (PSP), for example Commidea, SagePay, PayPal etc. Retailers tell us their banks are often very helpful. Also, there are companies accredited by the PCI Security Standards Council that have Qualified Security Assessors (QSAs) who will offer paid-for expert consultancy should you need it. Here is a link to find such an organisation (we would recommend Ambersail): https://www.pcisecuritystandards.org/qsa_asv/find_one.shtml

Payment Card Industry (PCI) Data Security Standard Self-Assessment
Questionnaire C and Attestation of Compliance
(Version 1.2 October 2008)

Part 1. Qualified Security Assessor Company Information (if applicable)
This is down to your interpretation.
Part 2. Merchant Organization Information
This is down to your interpretation.
Part 2a. Type of merchant business (check all that apply):
This is down to your interpretation.
Part 2b. Relationships
This is down to your interpretation.

Note: Many of our customers will have relationships with Commidea for Chip and Pin as well as SagePay for online payments.

Part 2c. Transaction Processing

Payment Application in use:
If you use IR integrated Chip and Pin:

  • Ocius for PC

If you have an IR website please select one of the following:

  • SagePay: Hosted Payment Page on SagePay secure servers.
  • HSBC eSecure: Hosted Payment Page on HSBC secure servers.
  • PayPal: Hosted Payment Page on PayPal secure servers.
  • WorldPay: Hosted Payment Page on WorldPay secure servers.

Payment Application Version:
If you use IR integrated Chip and Pin:

  • Ocius for PC version = 2

If you have an IR website please select one of the following:

  • SagePay version = SagePay Server (using inFrame)
  • HSBC eSecure version = unknown
  • PayPal version = unknown
  • WorldPay version = unknown

Part 2d. Eligibility to Complete SAQ C
Merchant has a payment application system and an Internet or public network connection on the same device;
Computers installed by Intelligent Retail running IR Connect should all be connected to the Internet.
The payment application system/Internet device is not connected to any other system within the merchant environment;
This is down to your interpretation. Please refer to your specific Payment Service Providers for more information.
Notes:
If you have an IR website:
The payment application system is a fully hosted page within the Payment Service Provider's environment; all of these providers are fully PCI DSS compliant.

Merchant does not store cardholder data in electronic format;
IR Connect does not store cardholder data in electronic format. Websites designed by Intelligent Retail do not store cardholder data.
If Merchant does store cardholder data, such data is only in paper reports or copies of paper receipts and is not received electronically; and
IR Connect does not receive cardholder data in electronic format. Websites designed by Intelligent Retail do not receive cardholder data in electronic format.
Merchant’s payment application software vendor uses secure techniques to provide remote support to merchant’s payment application system.
This is down to your interpretation. Please contact your Payment Service Provider, for example Commidea, SagePay, PayPal etc.

Part 3. PCI DSS Validation
This is down to your interpretation. Please contact your Payment Service Provider, for example Commidea, SagePay, PayPal etc.

Part 3a. Confirmation of Compliant Status
This is down to your interpretation.

Part 3b. Merchant Acknowledgment
This is down to your interpretation.

Part 4. Action Plan for Non-Compliant Status
This is down to your interpretation.
