Section III - Credit Card Transactions Processed by the Customer through a Web Site with a Hosted Payment Gateway – Self Assessment Questionnaire A (SAQ A)
Note: Section I should also be used in conjunction with this section when developing a department’s individual policies.
Section III pertains to a secure website accepting payments through a hosted payment gateway which has been authorized (both the website and the payment gateway) by Student Receivables. The Receivables Office will meet with the department to review the department’s plan for a web site and discuss services that are centrally provided to accommodate web processing and to provide advice and guidance regarding proposed options and/or vendors. To be approved as a secure website accepting payments through a hosted payment gateway, the following conditions must be met:
-
Electronic files containing customer credit card numbers and expiration dates are not created or stored (including spreadsheets, databases).
-
The security code or value is not stored. This is normally used to verify identity when the credit card is not available to swipe.
-
The personal identification number is not stored.
-
Department employees do not enter credit card data on behalf of the customer into the web site.