PCI-DSS / SAQ
The PCI standard is administered by the PCI Security Standards Council for the credit card industry. The standard was created to help curb credit card fraud. Validation of compliance is performed regularly by an external Qualified Security Assessor (QSA), who creates a Report on Compliance (ROC) for organizations handling ecommerce transactions. All StarChapter instances are compliant from a technology standpoint. However, part of PCI compliance pertains to the Refund Policy, Shipping Policy, Terms and Conditions, Privacy Policy, and Contact Information posted on your website, as well as your internal processes and procedures. You are required to produce this content and validate it with your merchant account provider. StarChapter can help you learn how to post this PCI compliance text on the system, but does not write or validate it for you.
On a periodic basis, you may be required to answer a self-assessment questionnaire. You should qualify for the simple version of the questionnaire (SAQ A). Below is some guidance that may be helpful when completing the SAQ A, but please confer with your payment gateway and/or merchant provider about any further questions. Note that this guidance is only pertinent to organizations whose sole point of credit card transactions is through StarChapter. Chapters that have additional points of sale should contact their merchant account provider for further guidance.
Section 1: Assessment Information
Part 1. Merchant and Qualified Security Assessor Information
Part 1a. Merchant Organization Information
Complete this section with your organization or chapter's information.

Part 1b. Qualified Security Assessor Company Information
This section can typically be left blank as it is not applicable if chapters don't have an independent security resource.

Part 2. Executive Summary
Part 2a. Type of Merchant Business
If your organization is solely using StarChapter, all sections within Part 2a should denote E-Commerce as the type of business and payment channels.

Part 2b. Description of Payment Card Business
Information is entered and passed to the payment gateway using SSL encryption. No sensitive credit card information is stored in our software provider's software.

Part 2c. Locations
Type of Facility: Data Center
Number of Facilities of this Type: 1
Location(s) of Facility: Northern Virginia, USA

Part 2d. Payment Application
Does the organization use one or more Payment Applications? No

Part 2e. Description of Environment
Encrypted transmission of cardholder data from StarChapter web-based software to payment gateway.
Does your business use network segmentation to affect the scope of your PCI DSS environment? No

Part 2f. Third-Party Service Providers
Does your company use a Qualified Integrator & Reseller (QIR)? No
Does your company share cardholder data with any third-party service providers (for example, Qualified Integrator & Resellers (QIR), gateways, payment processors, payment service providers (PSP), web-hosting companies, airline booking agents, loyalty program agents, etc.)? Yes
Name of Service Provider - Description of Services Provided:
Star Chapter, LLC - Web-based application
Gateway or Payment Service - Payment gateway provider
Cloudflare - Cloud networking platform
Liquid Web - Data center
Amazon AWS - Data center

Part 2g. Eligibility to Complete SAQ A
StarChapter's payment gateway connection qualifies for all points required for the SAQ A survey. Note that if credit card payments are accepted through other avenues, this may not be the correct survey. Contact your payment gateway or service for further guidance in the case of additional points of sale.

Section 2: Self-Assessment Questionnaire A
Section 2 of the SAQ A pertains to your organization's policies and procedures. These responses may vary between chapters, so StarChapter cannot offer guidance on this section of the survey.
