Overview: What are we talking about?
Once you've signed up through Gingr to accept credit cards, you should receive a notification from our parent processor, CardConnect, that you need to complete your PCI compliance questionnaire and scan. It is your responsibility as the business owner to complete this information.
PCI is the Payment Card Industry Data Security Standard (aka PCI-DSS), and it is a guideline for how you accept, transmit, and store credit card information from your customers. Luckily, CardConnect has made it fairly easy for you to remain compliant through secure tokenization of customer card data. You never have your customers' card information. All transactions are immediately encrypted with the first swipe of their card. Nowhere in the Gingr remote databases nor on your computer locally is that card information stored. All card info is stored through CardConnect's secure, Level I PCI-compliant data centers. When Gingr calls up that info so you can keep "cards on file", the transmission is tokenized, which means a token representing that customer's info is pulled back. The token represents the customer's info, but does not contain the specific card information.
As long as you follow a few basic procedures, you will have no issue with maintaining your compliance.
Helpful Hints: Before you begin.
- The Trustwave online questionnaire can be found here: https://cardpointe.managepci.com/
- For support regarding PCI compliance, please direct all requests to SecureTrust Support (a division of Trustwave), as they handle PCI compliance.
- You can contact them directly at:
- PCI Support Phone: 1-877-257-0239
- PCI Support Email: email@example.com.
- Being compliant will save you money - non-compliance will incur higher fees.
- We cannot enforce your compliance and we cannot, nor are we suggesting that we will, ensure your compliance. You need to put the answers from this questionnaire into practice if you are truly to be considered compliant.
- We are technically not allowed to assist in answering the questions, but the attached SAQ (Self-Assessment Questionnaire) guide can be used as a reference. See the bottom of this article for the link.
- Also ensure that you are in the right version of the questionnaire, which is SAQ type C-VT.
- This will make the SAQ short and not require a scan since you are processing through the CardPointe virtual terminal that is already compliant itself.
- You may be able to manually select the SAQ type C-VT version, but if not you can reach out to the CardConnect PCI Support team. They can also assist with any questions you may have related to completing the PCI compliance.
How to: Access the Trustwave PCI Compliance Questionnaire.
- First go to CardConnect MerchantCenter to start the process: https://gingr.cardconnect.com/account/login#/login
If you don't have a MerchantCenter account, now's your chance to sign up. There's a lot of useful account info here like transaction reports, on-demand statements, equipment, and documentation.
- Once logged into the MerchantCenter, select My Account from the top menu bar. Right at the top of the page, you'll see your PCI status.
- Copy your Merchant ID as you will need that in a bit, and click the circled "Learn how to get compliant" link to take you to the CardConnect/Trustwave Portal, or you can get there directly via https://cardpointe.managepci.com/
Click the Get Started button to move forward if this is your first time on the site. Once you register, you can use the Login link to check on the status of your account.
- SAQ_User_Guide.pdf (500 KB)