Section 1: Assessment Information

Instructions for Submission

This document must be completed as a declaration of the results of the service provider's self-assessment with the Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures (PCI DSS). Complete all sections: the service provider is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact the requesting payment brand for reporting and submission procedures.

Part 1. Service Provider and Qualified Security Assessor Information

Part 1a. Service Provider Organization Information

Company Name: Winedirect Canada Ecommerce Inc
DBA (doing business as): Vin65
Contact Name: Jason Andres
Title: IT Manager
ISA Name(s) (if applicable):
Title: IT Manager
Telephone: 604-852-8140
E-mail: jason@vin65.com
Business Address: 34434 McConnell Road
City: Abbotsford
State/Province: BC
Country: CA
Zip: V2S7P1
URL: http://www.vin65.com

Part 1b. Qualified Security Assessor Company Information (if applicable)

Company Name:
Lead QSA Contact Name:
Title:
Telephone:
E-mail:
Business Address:
City:
State/Province:
Country:
Zip:
URL:

2006-2014 PCI Security Standards Council, LLC. All Rights Reserved. Page 1

Part 2. Executive Summary

Part 2a. Scope Verification

Services that were INCLUDED in the scope of the PCI DSS Assessment (check all that apply):

Name of service(s) assessed: Vin65 Platform

Type of service(s) assessed:
  Hosting Provider: Applications / software; Hardware; Infrastructure / Network; Physical space (co-location); Storage; Web; Security services; 3-D Secure Hosting Provider; Shared Hosting Provider; Other Hosting (specify):
  Managed Services (specify): Systems security services; IT support; Physical security; Terminal Management System; Other services (specify):
  Payment Processing: POS / card present; Internet / e-commerce; MOTO / Call Center; ATM; Other processing (specify):
  Account Management; Fraud and Chargeback; Payment Gateway/Switch; Back-Office Services; Issuer Processing; Prepaid Services; Billing Management; Loyalty Programs; Records Management; Clearing and Settlement; Merchant Services; Tax/Government Payments; Network Provider; Others (specify):

Note: These categories are provided for assistance only, and are not intended to limit or predetermine an entity's service description. If you feel these categories don't apply to your service, complete "Others". If you're unsure whether a category could apply to your service, consult with the applicable payment brand.

Services that are provided by the service provider but were NOT INCLUDED in the scope of the PCI DSS Assessment (check all that apply):

Name of service(s) not assessed: None

Type of service(s) not assessed:
  Hosting Provider: Applications / software; Hardware; Infrastructure / Network; Physical space (co-location); Storage; Web; Security services; 3-D Secure Hosting Provider; Shared Hosting Provider; Other Hosting (specify):
  Managed Services (specify): Systems security services; IT support; Physical security; Terminal Management System; Other services (specify):
  Payment Processing: POS / card present; Internet / e-commerce; MOTO / Call Center; ATM; Other processing (specify):
  Account Management; Fraud and Chargeback; Payment Gateway/Switch; Back-Office Services; Issuer Processing; Prepaid Services; Billing Management; Loyalty Programs; Records Management; Clearing and Settlement; Merchant Services; Tax/Government Payments; Network Provider; Others (specify):

Provide a brief explanation why any checked services were not included in the assessment: None

Part 2b. Description of Payment Card Business

Describe how and in what capacity your business stores, processes, and/or transmits cardholder data. Describe how and in what capacity your business is otherwise involved in or has the ability to impact the security of cardholder data.

We store cards for recurring billing and card-on-file ecommerce transactions. All card data is encrypted at rest and in transit. We are a SaaS platform and store encrypted card data to allow our clients to run their business.

Part 2c. Locations

List types of facilities and a summary of locations included in the PCI DSS review (for example, retail outlets, corporate offices, data centers, call centers, etc.)

Type of facility    Location(s) of facility (city, country)
AWS Cloud           California, USA

Part 2d. Payment Application

Does the organization use one or more Payment Applications? Yes / No

Provide the following information regarding the Payment Applications your organization uses:

Payment Application Name | Version Number | Application Vendor | Is application PA-DSS Listed? | PA-DSS Listing Expiry date (if applicable)

Part 2e. Description of Environment

Provide a high-level description of the environment covered by this assessment. For example:
  Connections into and out of the cardholder data environment (CDE).
  Critical system components within the CDE, such as POS devices, databases, web servers, etc., and any other necessary payment components, as applicable.

All components within the CDE, Databases, Webservers, VPN and all other components as applicable.

Does your business use network segmentation to affect the scope of your PCI DSS environment? (Refer to the Network Segmentation section of PCI DSS for guidance on network segmentation.) Yes / No

Part 2f. Third-Party Service Providers

Does your company have a relationship with one or more third-party service providers (for example, gateways, payment processors, payment service providers (PSP), web-hosting companies, airline booking agents, loyalty program agents, etc.)? Yes / No

If Yes:
Type of service provider: Gateway
Description of services provided: Payment Processing

Part 2g. Summary of Requirements Tested

For each PCI DSS Requirement, select one of the following:

Full: The requirement and all sub-requirements were assessed for that Requirement, and no sub-requirements were marked as "Not Tested" or "Not Applicable" in the SAQ.
Partial: One or more sub-requirements of that Requirement were marked as "Not Tested" or "Not Applicable" in the SAQ.
None: All sub-requirements of that Requirement were marked as "Not Tested" and/or "Not Applicable" in the SAQ.

For all requirements identified as either Partial or None, provide details in the "Justification for Approach" column, including:
  Details of specific sub-requirements that were marked as either "Not Tested" and/or "Not Applicable" in the SAQ
  Reason why sub-requirement(s) were not tested or not applicable

Note: One table to be completed for each service covered by this AOC. Additional copies of this section are available on the PCI SSC website.

Name of Service Assessed:

Details of Requirements Assessed

PCI DSS Requirement | Full | Partial | None | Justification for Approach (Required for all Partial and None responses. Identify which sub-requirements were not tested and the reason.)
Requirement 1:      |      |         |      |
Requirement 2:      |      |         |      |
Requirement 3:      |      |         |      |
Requirement 4:      |      |         |      |
Requirement 5:      |      |         |      |
Requirement 6:      |      |         |      |
Requirement 7:      |      |         |      |
Requirement 8:      |      |         |      |
Requirement 9:      |      |         |      |
Requirement 10:     |      |         |      |
Requirement 11:     |      |         |      |
Requirement 12:     |      |         |      |
Appendix A:         |      |         |      |