A step-by-step guide for completing your PaySafe PCI-SAQ for merchants using the Authorize.net gateway for software integration and the virtual terminal only.
As your Merchant Services Provider, Rise Payments is required to report to the credit card associations that you have met Payment Card Industry Data Security Standard (PCI-DSS) compliance requirements. A certificate of compliance will be awarded upon completion of the Self-Assessment Questionnaire (SAQ). The certificate of compliance is valid for 12 months. In some instances, a system scan is required every 90 days in order to stay in compliance. Your SAQ results will indicate if a scan is required for you.
If you do not complete your certificate of compliance within 90 days of opening your merchant account, a non-validation fee of $29.95 will be charged monthly until completed.
To begin the compliance process, go to www.pciapply.com/ipcs and click the “First Time Logging In?” link. Your log-in credentials will be:
USER ID: Full 12-Digit Merchant ID Number
PASSWORD: Last 5 digits of Merchant ID Number followed by the two-letter state abbreviation in capital letters (e.g., 12345TX).
The following instructions are intended to help you complete the SAQ if you are using the Authorize.net gateway for a software integration and/or the Authorize.net virtual terminal ONLY. If you have other payment acceptance methods with another merchant services provider, please contact them for assistance with your PCI-SAQ for the other payment acceptance methods. They will likely require you to use their SAQ for that merchant services account. If you are using Rise Payments as your merchant services provider for your Authorize.net gateway and another solution, please reach out directly to firstname.lastname@example.org for questions about your PCI-SAQ.
Part 1: Merchant Information
Verify the Merchant Information in Part 1 is accurate.
Part 2: Type of Merchant Business
Select the type of business you operate. For non-profits or charitable organizations, you would select Other and type in 'Non-Profit Organization.'
Part 3: Relationships
Question: Does your company have a relationship with one or more third-party service providers (e.g. gateways, webhosting companies, airline booking agents, loyalty program agents, etc.)?
Answer: Yes. In this case, you are using the Authorize.net payment gateway.
Part 4: Processing Solution
Question: What solution do you use to process credit cards?
Answer: Select MOTO/E-COMMERCE because you are using Authorize.net to accept payments online and via your virtual terminal.
Question: Do you store any sensitive cardholder data electronically?
Answer: No. Sensitive authentication data must never be stored – even if this data is encrypted. If your answer to this question is YES and you have a need to store cardholder data electronically, then your PCI standards will be significantly higher and will have additional requirements outside of the SAQ that we provide. Please let us know if your answer to this question is 'Yes.' The instructions provided in this guide do not apply to an organization storing cardholder data electronically.
Question: How do you process payments?
Answer: Integrated Payment
You can search for Authorize.net as a solution. The request has been made to have it added to the list. If it is listed, use the pre-populated data. If it is not yet in the list, click the link that says "if you don't see your solution, click here to type it in manually."
Service Provider: Visa
Service Name: Authorize.net
Version: To check the version of your Authorize.net gateway, go to the Account tab from the homepage and, under Settings, select Transaction Version.
AGREE to the Terms and Conditions and hit Save & Continue.
CONFIRM your eligibility to take Questionnaire A by reading and affirming that the criteria are accurate. If you agree, check the box that says "I agree that the statements above are true."
You will now be led through the 5 Sections of Questionnaire A. Read the short descriptions of PCI compliance requirements for each Section. If you agree that you are adhering to the requirements, check the box that says, "I attest that I have read and adhere to requirements in this section," and then hit Continue. If you are not adhering to the requirements, then you are NOT PCI compliant and you need to take appropriate steps to remedy the deficiencies.
Section 1: Do not use vendor-supplied defaults for system passwords and other security parameters.
Section 2: Develop and maintain secure systems and applications.
Section 3: Identify and authenticate access to system components.
Section 4: Restrict physical access to cardholder data.
Section 5: Maintain a policy that addresses information security for all personnel.
Once you have completed the SAQ, as an executive or officer of the organization, you will certify the accuracy, sign electronically, list your title, and validate your identity by providing the last 4 digits of the Tax ID Number or your SSN.
Congratulations! You have now completed your PCI Questionnaire. You should download and save the SAQ Answer Sheet, the Attestation of Compliance and the Certificate of Validation for your records. It is no longer required to submit your PCI Questionnaire to Rise Payments.
For additional assistance with your Self-Assessment Questionnaire (SAQ) please utilize our SAQ Help Desk at 877-277-0998 from 8:00 AM to 5:00 PM CST.