PCI DSS Attestation - Platinum Payments Only

When starting the PCI compliance questionnaire/business information profile, it is our suggestion to respond to the following questions when prompted as follows. If you have started the questionnaire it's important to revert to the very beginning of the questionnaire. After which, all other questions will be in relation to how your practice's network is setup up (which may require you to work with your IT representative) and/or the procedures/protocols the practice has set in place.   

• Have you already completed a PCI DSS Self-Assessment Questionnaire (SAQ) or Attestation of Compliance (AoC) that you would like to upload? Select, first time through this process, OR if you have completed this process more than 12 months ago. 
• How do you accept payment cards?  Mail or telephone order
• How you accept your mail and telephone order customer card payments: Phone
• Do you outsource your telephone or mail ordering service including payment capture to a third party? Yes
• Please provide the name of your contact center services provider: Authorize.Net
• Is your call center fulfillment service provider PCI DSS compliant? Yes
• How do you accept payments over the phone? My customers give their payment card number over the phone to a person in my organization or call center
• To handle payment cards, you are required by PCI DSS to have an Information Security Policy in place for your organization. This must cover all relevant areas of the standard.  If you do not currently have one, one can be provided with a template below: I do not have an information Security Policy in place at the moment, I will implement a security policy using the template provided – download provided template. 
• How and in what capacity does your business store, process, and/or transmit cardholder data? Our business does not store, process, or transmit any cardholder data throughout the lifecycle of the transaction.  We use IDEXX Petly Plans which offers us a fully hosted, PCI compliant solution for transaction and payment processing through Authorize.Net. 
• Provide a high-level description of the environment covered by this assessment: We utilize IDEXX Petly Plans that submit the person's name to Authorize.Net to acquire a customer token.  An HTML iFrame provided by Petly Plans and originates from Authorize.Net to capture cardholder data.  Payment tokens are returned to Petly Plans for later use of initiating charges.  Such charges may be automated or requested manually. 

If you’re experiencing issues logging into the Platinum Payments PCI questionnaire, it would be best to contact Platinum Payments directly to get your access reset by calling 888.888.4009 Option 3 for Account Services or Option 8 for PCI Services.

If the practice continues to experience issues after performing the steps above, please email directly and I’ll reach out to the practice contact to schedule a screen-sharing session.