While Schedulicity does not store any credit card data, rest assured our payment processor — Clearent — is absolutely PCI compliant and securely processes your credit card transactions.
Our payment integration with Clearent was designed to give businesses the assurance of PCI security, so they can focus on all the things that makes their business boom! 💥
Jump to a section in this article:
What is PCI Compliance?
PCI-DSS Compliance is a credit card industry acronym that stands for Payment Card Industry Data Security Standard, and it's important for any business looking to accept, store, and process card payments through means of internet-based payments.
These guidelines were created to ensure a level of protection for consumers, businesses, and banks from online fraud and data breaches during this ever-growing internet era. This means that all businesses should practice a set of PCI standards as well as host their data securely with a PCI compliant hosting provider. That PCI compliant hosting provider for Schedulicity is our Payment Processor, Clearent.
While PCI compliance is not required by law it is, however, required by credit card companies to make online transactions secure and protect them against identity theft. Any business that wants to process, store, or transmit credit card data is required to be PCI compliant, according to the PCI Compliance Security Standard Council.
If you're curious about what those requirements are, see them listed below:
Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters
Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks
Use and regularly update antivirus software
Develop and maintain secure systems and applications
Restrict access to cardholder data by business need-to-know
Assign a unique ID to each person with computer access
Restrict physical access to cardholder data
Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
Maintain a policy that addresses information security
Why do I need to acknowledge my PCI compliance?
Spot a banner asking you to acknowledge your PCI compliance at the top of your screen? You're not seeing things – PCI compliance helps everyone, from Schedulicity to your business, know that your transactions are being run safely. To acknowledge that compliance, the payment world has what's called a SAQ-A.
What's a SAQ-A? SAQ stands for "Self Assessment Questionnaire," and it's a handy self-validation tool intended to assist businesses and service providers evaluate their compliance with the Payment Card Industry Data Security Standard, otherwise known as PCI DSS. SAQs are designed to help you report the results of your PCI DSS self-assessment and it's important that you meet all of the standards for a specific SAQ. There are many different types of SAQ forms and it can get confusing if you're trying to go about this on your own.
Fortunately, upon approval for our built-in payment processing, you receive a pre-filled SAQ from our partner, Clearent, to review and accept. To accept it, all you have to do is follow these steps:
On the banner, click on the Acknowledge Here button
If you wish to view your SAQ-A before acknowledging, click on the View SAQ-A button
Otherwise, select the checkmark and click Agree to acknowledge
Please keep in mind that the payment processing industry requires you to re-acknowledge SAQs every year, so you'll want to keep your eye out when it's been about a year! From there, all you'll need to do is repeat these steps and you'll be golden. 👌