Attestation Process 2011. October-November: Department PCI Administrators submit online SAQ. December: Controller’s Office verifies compliance with each department. Campus submits annual attestation to acquiring bank.
2011 PCI Validation. The Controller’s Office is working with trustkeeper.net to grant access to the online portal for approved merchant accounts. Once activated, department PCI Administrators will be able to submit their SAQ results online. All merchants with a swipe terminal account are required to complete the SAQ, and all merchants with an internet account are required to complete an IP address scan in addition to the SAQ.
Access to the trustkeeper.net Portal. Once access is granted to the portal, the department PCI Administrator will receive an email from trustkeeper.net with enrollment information. A sample of this email is in the next slide. Once the email is received, the department PCI Administrator can start the online PCI DSS attestation process.
Welcome to TrustKeeper®. Please click the link below to log in and begin the certification process. If you have already completed the process, you may use this login information to manage your account over time. https://www.trustkeeper.net/ Account Details: Account name: ********** Username: ********* TrustKeeper® is a certified remote assessment and compliance solution created by Trustwave and designed to help merchants meet the PCI data security standards and achieve compliance with the associated programs of Visa®, MasterCard®, American Express®, Discover®, and other credit card associations. The TrustKeeper solution is an integrated easy-to-use tool that removes the challenge of navigating the complex PCI requirements and provides a "one stop shop" for merchants to achieve compliance and receive certification. DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message system and the reply will not be received. Thank you for using TrustKeeper. Email Subject Line: Your TrustKeeper account registration is now complete!
Access to the trustkeeper.net Portal. Departments with multiple merchant accounts must follow this online attestation process for every merchant account. A separate trustkeeper.net username should be assigned for each merchant account.
Logging in to the Portal. Access the portal login page by clicking on the link provided in the email (or go to www.trustkeeper.net). Log in with your account username and password. If forgotten, follow the navigation links to reset your password. New trustkeeper.net users: if this is the first time you have used the trustkeeper.net portal, identify your username in the email from trustkeeper.net and use the ‘I Forgot my Password’ link on the portal page to have a temporary password emailed to you.
Navigating the Portal. The remaining slides contain step-by-step instructions on how to renew your trustkeeper.net subscription and validate annual PCI DSS compliance. Based on your current account status, your portal view may be slightly different. A departmental P-Card should be used to pay for the subscription renewal in Step 1.
Before You Start. Remember, as the PCI Administrator: You are attesting that the answers are valid and applicable to your environment. You are personally responsible for the accuracy of your SAQ submission; no guessing allowed.
Step 1 – Renew Subscription. Choose the ‘Extend Subscription’ link from the left menu bar. Current compliance status: if your current status is expired, this screen may look different.
Step 1 – Renew Subscription. Print screen to use for P-Card payment confirmation. Click on ‘continue to next step’ button. UCSF Annual Fees: $50.00 for SAQ A, B, and C merchants with no scanning -OR- $299.00 for SAQ C and D merchants with scanning. IMPORTANT: Trustkeeper.net is experiencing a problem displaying the correct annual subscription fee on this page. However, your credit card transaction will be processed for the correct amount here.
Step 1 – Renew Subscription. Contract Agreement: click on ‘I AGREE’. The Trustwave contract is a system-wide agreement negotiated by UCOP Banking Services.
Step 1 – Renew Subscription. Complete payment information using a P-Card (P-Card information; P-Card holder’s name and billing address). Click on ‘Submit’.
Step 1 – Renew Subscription. Print screen to use for P-Card payment confirmation. Click on ‘continue’ button. UCSF Annual Fees: $50.00 for SAQ A, B, and C merchants with no scanning -OR- $299.00 for SAQ C and D merchants with scanning. IMPORTANT: If your credit card was charged for the incorrect amount, send an email to Kevin.Leung2@ucsf.edu.
Step 2 – Validate Compliance. Select the appropriate link according to your current account status. For ‘PCI: Compliant’ status, click on the ‘Refresh Compliance Questionnaire’ link -OR- for ‘PCI: Expired’ status, click on the ‘Compliance Questionnaire’ link.
Step 2 – Validate Compliance. Select the appropriate SAQ Form (A, B, C), choosing the 1.2 version. Click on ‘begin’. IMPORTANT: The portal defaults the SAQ selection to Form D. You must select the correct Form based on your current processing environment.
Step 2 – Validate Compliance. Complete the SAQ Form. Read through the instructions. Starting with the ‘Eligibility’ tab, go through each of the sections, selecting the ‘Continue’ link in the bottom right corner to move to the next tab.
Step 2 – Validate Compliance. Navigation tips: Click on ‘?’ to view helpful tips. Items are removed from the ‘Unanswered Questions’ tab once questions in the category are satisfactorily answered. Click on ‘All Questions’ tab to review questions no longer displayed in ‘Unanswered Questions’ tab.
Step 2 – Validate Compliance. Complete ‘Confirmation and Acknowledgement’ information. The confirmation and acknowledgement fields are displayed below SAQ Requirement 12 questions. The tabs on the left collapse once you have reached this last section. Type name and title of Departmental PCI Administrator validating compliance to the requirements on the SAQ Form.
Step 2 – Validate Compliance. Submit and Save results! Your compliance will not be extended if you forget this last step!
Step 2 – Validate Compliance. Verify compliance status is extended to year 2012. New compliance status: if you completed and passed the SAQ Form, your status expiration date will extend to 12 months from the day passed (year 2012).
CONGRATULATIONS! We appreciate your diligent ongoing efforts to keep credit card data safe and secure at UCSF. UCSF Controller’s Office CashControlsSVCDesk@ucsf.edu