PCI Compliance Walkthrough - YouTube

Hi, my name is Brittany, and I'm part of the training team. Today we will be going

over PCI. First you will receive an email from our support team titled

"LawPay and Affinipay PCI Compliance" that includes your user name and password for your

LawPay PCI account. You will go to the www.PCIcentral.com link and enter in the given

login information. Once you submit your initial login credentials you will be

prompted to enter the email address associated with your account.

When that information is submitted you will receive an email from control scan which

will include the link for setting up your PCI account.

The first link will direct you to a page where you will set up three security questions and then your password.

You will automatically be logged into the PCI website once your password is submitted.

And you can click the box at the bottom of the next page

agreeing to the terms and conditions of the website, when you are finished

setting up your account you will be taken to a page titled "compliance

overview at a glance" from here you will click on the link below next to action

that says "click here to start the questionnaire" in the light gray box.

This will direct you to the introduction page and you can begin clicking next on the

bottom right. The first page of the questionnaire will show your company information.

Here you do not need to change the information but instead send

[email protected] an email if anything needs to be updated. Next, you will be

asked to enter your merchant type. In the empty field type in your business type

for example if you're an attorney you will type in attorney and select the

option that best fits your business.

The following page will ask you to select your processing method, the option

to select a "secure payment page/secure payment link".

The next page will have only one option to select for "outsourced" when you hit next for this

section there will be a pop-up message asking you if you would like to add

another processing method and you will answer "no".

You will then be automatically directed to the question that asks if your business electronically stores

credit card numbers, the answer will be "no". Next you will select YES for the

Next you will select "YES" for the eligibility page which says you are qualified for the shortened SAQ A

version and describes the processing method for your company.

After the eligibility page will be questions asking about how you process credit

cards in your office. The first section will ask about how you handle media.

Media refers to any full credit card information that is written down on paper.

If you do not store any paper copies of full credit card numbers you

will answer the next 9 questions pertaining to media as "not applicable".

If you receive the email receipt notifications from LawPay and print

those copies those do not count as media because the receipts only show the last

four digits of the card number, so you can still answer not applicable.

The next seven questions have to do with unique user IDs and passwords to access the

online system these questions will be true as long as everyone has separate

login credentials with secure personal passwords. All passwords contain at least

7 characters that contain both numbers and letters and users are deleted if

they are no longer working for the company.

The last six questions discussed the relationship that your business has with

LawPay in regards to processing credit card information. The last five questions

discuss the relationship that your business has with LawPay in regards to

processing credit card information. For the question asking "if you have a list

of service providers" the answer will be TRUE, because you can find LawPay's contact

information online if you do not already have it. The next question regarding

having a written agreement states that you understand that LawPay is in charge

of keeping credit card numbers on the website secure, so this will be marked as TRUE.

The established process for engaging service providers means that

you researched the LawPay before choosing us as your service provider which will be TRUE.

LawPay is required to be PCI compliant every year as well, so the

question stating the year service provider is PCI compliant annually will

be marked as TRUE as well. The last question explains that you understand

that as a merchant you're responsible for keeping credit card information

confidential and making sure you are not storing full credit card numbers electronically.

While your service provider, LawPay, has to continue

providing the safe payment page for you, this is also TRUE.

And lastly, the final question states that if you feel as though your system has been breached

your first plan of action should be to contact LawPay. You will then get to

the attestation page which confirms that you answer the PCI questions to the best

of your knowledge. You will enter in your first and last name in the empty field

and check the box certifying that you are an authorized representative of your company.

Once you click next you will reach the page that says Congratulations! You have

completed the SAQ A for your PCI compliance. This confirms that you are

finished with the PCI compliance questionnaire for the year and you have

nothing further to do. There will be a button that allows you to download your

PCI certificate, this is optional for you to print or save.

LawPay will get confirmation that your account is PCI compliant once you reach the

congratulations page and you can just click sign out at the top right.

If you have any additional questions please contact our PCI compliance team at 866 - 376 -0947 .

Thank you for choosing LawPay and happy charging!