Navigating the Navigating the trustkeeper.nettrustkeeper.net
PortalPortal2011 PCI:DSS Compliance Validation2011 PCI:DSS Compliance Validation
UCSFUCSFController’s OfficeController’s Office
Attestation Process 2011Attestation Process 2011
October-NovemberOctober-November: : Department PCI Administrators Department PCI Administrators submit online SAQsubmit online SAQ
DecemberDecember: : Controller’s Office verifies compliance Controller’s Office verifies compliance with each departmentwith each departmentCampus submits annual attestation Campus submits annual attestation to acquiring bankto acquiring bank
2011 PCI Validation2011 PCI Validation
The Controller’s Office is working with The Controller’s Office is working with trustkeeper.net to grant access to the online trustkeeper.net to grant access to the online portal for approved merchant accounts. Once portal for approved merchant accounts. Once activated, department PCI Administrators will be activated, department PCI Administrators will be able to submit their SAQ results onlineable to submit their SAQ results online
All merchants with a swipe terminal account are All merchants with a swipe terminal account are required to complete the SAQ, and all merchants required to complete the SAQ, and all merchants with an internet account are required to complete with an internet account are required to complete an IP address scan in addition to the SAQan IP address scan in addition to the SAQ
Access to the trustekeeper.net Access to the trustekeeper.net PortalPortal
Once access is granted to the portal, the Once access is granted to the portal, the department PCI Administrator will receive an department PCI Administrator will receive an email from trustkeeper.net with enrollment email from trustkeeper.net with enrollment informationinformation
A sample of this email is in the next slideA sample of this email is in the next slide
Once the email is received, the department PCI Once the email is received, the department PCI Administrator can start the online PCI:DSS Administrator can start the online PCI:DSS attestation processattestation process
Welcome to TrustKeeper®. Please click the link below to log in and begin the certification process. If you have already completed the process, you may use this login information to manage your account over time.
https://www.trustkeeper.net/
Account Details:Account name: **********Username: *********
TrustKeeper® is a certified remote assessment and compliance solution created by Trustwave and designed to help merchants meet the PCI data security standards and achieve compliance with the associated programs of Visa®, MasterCard®, American Express®, Discover®, and other credit card associations. The TrustKeeper solution is an integrated easy-to-use tool that removes the challenge of navigating the complex PCI requirements and provides a "one stop shop" for merchants to achieve compliance and receive certification.
DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message system and the reply will not be received. Thank you for using TrustKeeper.
Email Subject Line:Your TrustKeeper account registration is now complete!
Access to the trustekeeper.net Access to the trustekeeper.net PortalPortal
Departments with multiple merchant accounts Departments with multiple merchant accounts must follow this online attestation process for must follow this online attestation process for every merchant accountevery merchant account
– a separate trustkeeper.net username should be a separate trustkeeper.net username should be assigned for each merchant account assigned for each merchant account
Logging in to the PortalLogging in to the Portal Access the portal log in page by clicking on the Access the portal log in page by clicking on the
link provided in the email (or go to link provided in the email (or go to www.trustkeeper.net) )
Log in with your account username and passwordLog in with your account username and password– If forgotten, follow the navigation links to re-set your If forgotten, follow the navigation links to re-set your
passwordpassword
New trustkeeper.net usersNew trustkeeper.net users– If this is the first time you have used the If this is the first time you have used the
trustkeeper.net portal, identify your username in the trustkeeper.net portal, identify your username in the email from trustkeeper.net and use the ‘I Forgot my email from trustkeeper.net and use the ‘I Forgot my Password’ link on the portal page to have a temporary Password’ link on the portal page to have a temporary password emailed to you. password emailed to you.
www.trustkeeper.net
Navigating the PortalNavigating the Portal The remaining slides contain step by step The remaining slides contain step by step
instructions on how to renew your trustkeeper.net instructions on how to renew your trustkeeper.net subscription and validate annual PCI:DSS subscription and validate annual PCI:DSS compliancecompliance
Based on your current account status, your portal Based on your current account status, your portal view may be slightly differentview may be slightly different
A departmental P-Card should be used to pay for A departmental P-Card should be used to pay for the subscription renewal in Step 1the subscription renewal in Step 1
Before You StartBefore You Start
Remember, as the PCI Administrator:Remember, as the PCI Administrator:You are attesting that the answers are valid You are attesting that the answers are valid
and applicable to your environmentand applicable to your environmentYou are personally responsible for the You are personally responsible for the
accuracy of your SAQ submission; no accuracy of your SAQ submission; no guessing allowedguessing allowed
Current compliance status
If your current status is expired this screen may look different
Step 1 – Renew Subscription
Choose the ‘Extend Subscription’ link from the left menu bar
Step 1 – Renew Subscription
Click on ‘Renew Subscription Now’ button
Step 1 – Renew Subscription
-Print screen to use for P-Card payment confirmation
-Click on ‘continue to next step’ button
UCSF Annual Fee’s
$50.00 SAQ A, B, and C merchants with no scanning
-OR-
$299.00 SAQ C and D merchants with scanning
IMPORTANT: Trustkeeper.net is experiencing a problem displaying the correct annual subscripting fee on this page. However, your credit card transaction will be processed for the correct amount here
Step 1 – Renew Subscription
Click on ‘I AGREE’
Contract Agreement
The Trustwave contract is a system wide agreement negotiated by UCOP Banking Services
Step 1 – Renew Subscription
-Complete payment information using a P-Card
-Click on ‘Submit’
P-Card holders name and billing address
P-Card Information
Step 1 – Renew Subscription
-Print screen to use for P-Card payment confirmation
-Click on ‘continue’ button
UCSF Annual Fee’s
$50.00 SAQ A, B, and C merchants with no scanning
-OR-
$299.00 SAQ C and D merchants with scanning
IMPORTANT: If your credit card was charged for the incorrect amount, send an email to [email protected]
PCI: Compliant Status
Click on the ‘Refresh Compliance Questionnaire’ link
-OR-
PCI: Expired Status
Click on the ‘Compliance Questionnaire’ link
Step 2 – Validate Compliance
Select the appropriate link according to your current account status
Step 2 – Validate Compliance
-Select the appropriate SAQ Form (A,B,C) choosing the 1.2 version
-Click on ‘begin’
IMPORTANT: The portal defaults the SAQ selection to Form D. You must select the correct Form based on your current processing environment
Step 2 – Validate Compliance
-Complete the SAQ Form
Read through the instructions
Starting with the ‘Eligibility’ tab, go through each of the sections selecting the ‘Continue’ link in the bottom right corner to move to the next tab
Step 2 – Validate Compliance
Navigation tipsClick on ‘?’ to view helpful tips
Items are removed from the ‘Unanswered Questions’ tab once questions in the category are satisfactorily answered
Click on ‘All Questions’ tab to review questions no longer displayed in ‘Unanswered Questions’ tab
Step 2 – Validate Compliance
Complete ‘Confirmation and Acknowledgement’ information
The confirmation and acknowledgement fields are displayed below SAQ Requirement 12 questions. The tabs on the left collapse once your have reached this last section
Type name and title of Departmental PCI Administrator validating compliance to the requirements on the SAQ Form
Step 2 – Validate Compliance
Submit and Save results
Submit and Save results!Your compliance will not be extended if you forget this last step!
New compliance status
If you completed and passed the SAQ Form, your status expiration date will extend to 12 months from the day passed (year 2012)
Step 2 – Validate Compliance
Verify compliance status is extended to year 2012
CONGRATULATIONS!CONGRATULATIONS!We appreciate your diligent ongoing efforts to keep We appreciate your diligent ongoing efforts to keep
credit card data safe and secure at UCSF.credit card data safe and secure at UCSF.
UCSFUCSF
Controller’s OfficeController’s [email protected]