What is PCI Compliance?
Payment card industry (PCI) compliance is a set of rules and regulations that protect credit card data from hackers and scammers. If your nonprofit accepts credit cards, you are required to adhere to PCI data security standards. This process can be confusing, but ignoring it puts your organization and donors at risk. That’s why Neon One offers the industry’s only free PCI Compliance Program to all of our customers—to keep you and your supporters safe.
What does the PCI Compliance Program include?
– Tools, training resources, and templates
– Annual compliance certification support
– $100,000 in data breach protection
TOOLS, TRAINING, RESOURCES
Gain knowledge to keep your data safe
Don’t know much about PCI compliance? Don’t worry. You’ll have access to tools, training, and templates that make it easy to keep your organization protected.
ANNUAL CERTIFICATION SUPPORT
Simplify your annual certification process
With PCI Self-Assessment Questionnaire (SAQ) assistance, quarterly Approved Scanning Vendor (ASV) scans, plus chat, email, and phone support.
The Neon One PCI Compliance Program is a free program we offer in partnership with SecureTrust, a leading PCI compliance and cybersecurity vendor. It is offered to all Neon One customers and provides PCI compliance certification assistance, security scans, and access to training and resources. This program gives our nonprofit customers the tools they need to keep their data secure, mitigate credit card fraud, and protect themselves from security breaches.
While PCI compliance is not part of any law, it is an internationally used set of regulations that comes with significant penalties and costs for organizations that don’t comply with the requirements. Any organization accepting credit card transactions is required to be PCI compliant.
As a Neon One customer, you are encouraged, but not required to participate in this program.
Yes. Neon One is PCI-DSS Level 1 compliant and re-certifies annually.
Yes. All organizations accepting credit card payments are required to certify compliance with PCI standards, regardless of the tools they use. Software vendors who host payment pages, like Neon One, are also required to annually certify their compliance.
Using a software vendor that is certified PCI Compliant is an important part of the compliance process. Using Neon One’s technology in addition to certifying your organization’s own PCI Compliance is a great way to keep data protected end-to-end.
No. Only organizations accepting credit card payments are required to certify compliance with PCI standards.
When you sign up for Neon One’s PCI Compliance program, your organization immediately receives access to a SecureTrust compliance account and its merchant portal. By creating a SecureTrust account, your organization receives the following:
– Self-Assessment Questionnaire (SAQ) assistance
– Quarterly Approved Scanning Vendor (ASV) scans
– 24/7 phone, chat, and email support
– Training resources
– Policy templates
– $100,000 in data breach protection
Enrollment into the program is free for all Neon One customers.
While Neon Pay provides encrypted, tokenized credit card processing, it does not protect your organization from all angles. Along with using a secure, encrypted payment processor, making sure your organization is handling sensitive data correctly and has the right technology policies in place, in accordance with industry standards, is the best defense against data breaches.
Neon One partners with SecureTrust, a leading cybersecurity and compliance firm, to bring this program to our customers. When you enroll in the Neon One PCI Compliance program, a SecureTrust account is created for your organization.
To enroll in the free PCI Compliance program, log in to the Neon One Portal and click the PCI Compliance menu option. Click Enroll Now to designate a PCI Compliance Contact at your organization. This should be a technology administrator or someone at your organization who is responsible for managing the technology systems you use. Our partner, SecureTrust, will provide login credentials and access to their compliance portal via email within 24 hours. Certification guidance, security tools, training materials, policy templates, and more, are all available in the SecureTrust portal as long as you are enrolled in the program.
Certifying compliance with a SecureTrust account consists of three main steps.
1. Complete your Business Profile information
2. Set up quarterly Approved Scanning Vendor (ASV) scans
3. Complete the Self-Assessment Questionnaire (SAQ) and Attestation of Compliance (AOC)
The SecureTrust support team is available 7 days a week to answer any questions you have before, during, or after the compliance certification process.
No. Our program is currently available only to Neon One customers.
PCI Compliance must be certified each year. When you certify compliance, the certification is valid for one calendar year, after which it expires. SecureTrust will notify your main PCI Contact of the upcoming expiration date and guide you through the process of re-certifying compliance. Luckily, all of your previous information is stored.
Yes. Your PCI Contact can create additional users in the SecureTrust portal and receive full access. Note that these users will not be synced to the Neon One Portal.
Yes. Your PCI Contact can be updated in the SecureTrust portal. This update will then be synced to the Neon One Portal and reflected on the PCI Compliance page.
If you would like to cancel your SecureTrust service through the Neon One PCI Compliance program, please reach out to your Neon One support team or account representative, and we will arrange the deactivation with SecureTrust.
Our PCI Compliance program through SecureTrust offers 24/7 support from PCI Compliance experts. If you’d like to learn more about PCI Compliance on your own, we recommend visiting the PCI Security Standards Council’s website and resource library.