Navigating trustkeeper.net 2011 PCI:DSS Attestation

Navigating the trustkeeper.net Portal
2011 PCI:DSS Compliance Validation
UCSF
Controller’s Office
Attestation Process 2011
October-November: Department PCI Administrators submit online SAQ
December: Controller’s Office verifies compliance with each department
Campus submits annual attestation to acquiring bank
2011 PCI Validation


The Controller’s Office is working with trustkeeper.net to grant access to the online portal for approved merchant accounts. Once activated, department PCI Administrators will be able to submit their SAQ results online.
All merchants with a swipe terminal account are required to complete the SAQ, and all merchants with an internet account are required to complete an IP address scan in addition to the SAQ.
Access to the trustkeeper.net Portal



Once access is granted to the portal, the department PCI Administrator will receive an email from trustkeeper.net with enrollment information.
A sample of this email is in the next slide.
Once the email is received, the department PCI Administrator can start the online PCI:DSS attestation process.
Email Subject Line:
Your TrustKeeper account registration is now complete!
Welcome to TrustKeeper®. Please click the link below to log in and begin the certification
process. If you have already completed the process, you may use this login information to
manage your account over time.
https://www.trustkeeper.net/
Account Details:
Account name: **********
Username: *********
TrustKeeper® is a certified remote assessment and compliance solution created by
Trustwave and designed to help merchants meet the PCI data security standards and
achieve compliance with the associated programs of Visa®, MasterCard®, American
Express®, Discover®, and other credit card associations. The TrustKeeper solution is an
integrated easy-to-use tool that removes the challenge of navigating the complex PCI
requirements and provides a "one stop shop" for merchants to achieve compliance and
receive certification.
DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message
system and the reply will not be received. Thank you for using TrustKeeper.
Access to the trustkeeper.net Portal

Departments with multiple merchant accounts
must follow this online attestation process for
every merchant account
– a separate trustkeeper.net username should be assigned
for each merchant account
Logging in to the Portal


Access the portal log in page by clicking on the
link provided in the email (or go to
www.trustkeeper.net)
Log in with your account username and
password
– If forgotten, follow the navigation links to re-set your
password

New trustkeeper.net users
– If this is the first time you have used the
trustkeeper.net portal, identify your username in the
email from trustkeeper.net and use the ‘I Forgot my
Password’ link on the portal page to have a temporary
password emailed to you.
www.trustkeeper.net
Navigating the Portal



The remaining slides contain step by step
instructions on how to renew your trustkeeper.net
subscription and validate annual PCI:DSS
compliance
Based on your current account status, your portal
view may be slightly different
A departmental P-Card should be used to pay for
the subscription renewal in Step 1
Before You Start

Remember, as the PCI Administrator:
– You are attesting that the answers are valid and applicable to your environment
– You are personally responsible for the accuracy of your SAQ submission; no guessing allowed
Step 1 – Renew Subscription
Choose the ‘Extend Subscription’ link
from the left menu bar
Current compliance status
If your current status is
expired this screen may look
different
Step 1 – Renew Subscription
Click on ‘Renew Subscription Now’
button
Step 1 – Renew Subscription
-Print screen to use for P-Card
payment confirmation
-Click on ‘continue to next step’ button
IMPORTANT: Trustkeeper.net is experiencing a problem displaying the correct annual subscription fee on this page. However, your credit card transaction will be processed for the correct amount here.
UCSF Annual Fees
$50.00: SAQ A, B, and C merchants with no scanning
-OR-
$299.00: SAQ C and D merchants with scanning
Step 1 – Renew Subscription
Click on ‘I AGREE’
Contract
Agreement
The Trustwave
contract is a system
wide agreement
negotiated by UCOP
Banking Services
Step 1 – Renew Subscription
-Complete payment information using
a P-Card
-Click on ‘Submit’
P-Card holders name
and billing address
P-Card Information
Step 1 – Renew Subscription
-Print screen to use for P-Card
payment confirmation
-Click on ‘continue’ button
UCSF Annual Fees
$50.00: SAQ A, B, and C merchants with no scanning
-OR-
$299.00: SAQ C and D merchants with scanning
IMPORTANT: If your credit card
was charged for the incorrect
amount, send an email to
Kevin.Leung2@ucsf.edu
Step 2 – Validate Compliance
Select the appropriate link according to your current account status
PCI: Compliant Status: Click on the ‘Refresh Compliance Questionnaire’ link
-OR-
PCI: Expired Status: Click on the ‘Compliance Questionnaire’ link
Step 2 – Validate Compliance
-Select the appropriate SAQ Form
(A,B,C) choosing the 1.2 version
-Click on ‘begin’
IMPORTANT: The portal
defaults the SAQ
selection to Form D. You
must select the correct
Form based on your
current processing
environment
Step 2 – Validate Compliance
-Complete the SAQ Form
Read through the instructions
Starting with the ‘Eligibility’ tab,
go through each of the sections
selecting the ‘Continue’ link in the
bottom right corner to move to
the next tab
Step 2 – Validate Compliance
Navigation tips
Items are removed from the
‘Unanswered Questions’ tab
once questions in the category
are satisfactorily answered
Click on ‘?’ to view helpful tips
Click on ‘All Questions’ tab to
review questions no longer
displayed in ‘Unanswered
Questions’ tab
Step 2 – Validate Compliance
Complete ‘Confirmation and
Acknowledgement’ information
The confirmation and acknowledgement fields are displayed below SAQ Requirement 12 questions. The tabs on the left collapse once you have reached this last section.
Type name and title of
Departmental PCI Administrator
validating compliance to the
requirements on the SAQ Form
Step 2 – Validate Compliance
Submit and Save results
Submit and Save results!
Your compliance will not be extended if you
forget this last step!
Step 2 – Validate Compliance
Verify compliance status is extended to
year 2012
New compliance status
If you completed and passed
the SAQ Form, your status
expiration date will extend to
12 months from the day
passed (year 2012)
CONGRATULATIONS!
We appreciate your diligent ongoing efforts to keep
credit card data safe and secure at UCSF.
UCSF
Controller’s Office
CashControlsSVCDesk@ucsf.edu