Complete Your PCI Compliance Questionnaire in Xplor Pay
Search Keywords: PCI questionnaire, PCI compliance, SAQ A, Xplor Pay merchant portal, PCI incomplete, annual PCI certification
Summary
Merchants using Xplor Pay through FlowerBuddy are required to complete an annual PCI Compliance Questionnaire. This guide will help you complete your PCI compliance questionnaire.
This reference only serves as a guide. Please ensure all of your responses are accurate to the best of your knowledge. If you have questions, call the PCI Compliance Help Desk at 855-864-1732.
For the purposes of this PCI compliance questionnaire as it relates to credit card payment processing through FlowerBuddy, the following should be true:
All payment processing is handled by Xplor Pay and its payment partners.
You do not directly store, process, or transmit credit card information.
Customers enter payment information through secure payment pages provided by FlowerBuddy and Xplor Pay.
You do not manually record customer credit card information.
Important: This questionnaire only applies to your FlowerBuddy payment processing account and the Xplor Pay merchant ID associated with FlowerBuddy. Do not include any other payment systems you use outside of FlowerBuddy when answering these questions. For example, if you also use a separate point-of-sale system, Stripe account, Square account, another website, or any other payment processor that is not connected to your FlowerBuddy Xplor Pay merchant account, those systems should not be considered when completing this questionnaire.
Access the PCI Questionnaire
Open Workspace Settings
Select Integrations
Select Payments
Scroll to Xplor Pay
Click Xplor Pay Merchant Portal
Locate the PCI status box
Click the link that says PCI: Incomplete
Part 1: Merchant Information
Review the merchant information displayed and confirm it is correct.
If necessary, click Edit and complete any required fields before continuing.
Contact Name
Email Address
For the question: Is your organization a service provider as defined by the PCI Council (e.g. hosting providers, payment processors, managed service providers)?
Select No.
Click Save before continuing.
Part 2: Merchant Business Payment Channels
Under payment channels:
Mail Order / Telephone Order (MOTO): Leave unchecked.
E-Commerce: Check E-Commerce.
For Do you electronically store or transmit consumer account data? select No.
Card-Present: Leave unchecked.
For Are any payment channels not included in this assessment? select No.
Click Save.
Part 3: Relationships
Remember that this questionnaire only applies to your FlowerBuddy Xplor Pay merchant account. Do not consider any separate payment processors, websites, point-of-sale systems, Stripe accounts, Square accounts, or other payment solutions that are not connected to your FlowerBuddy Xplor Pay merchant ID.
Question 1: Do you have relationships with third-party service providers that handle your account data, such as payment gateways or processors? Select No.
Question 2: Do you engage with third-party service providers managing system components within your PCI DSS assessment scope? Select No.
Question 3: Do you work with third-party service providers that could impact the security of your Cardholder Data Environment? Select No.
Click Save.
Part 4: Processing Solution
For What solution do you use to process credit cards? select Moto/E-Commerce.
For Do you store any sensitive cardholder data electronically? select No.
For Does your business use network segmentation to affect the scope of your PCI DSS environment? select No.
Moto/E-Commerce Configuration
For How do you process payments? select Hosted Payment and iFrame.
For Does your website use either a redirection mechanism or an embedded payment form? select No.
Add Your Payment Processor
Click Add/Edit in the Solution Selection section.
Choose Service Provider: Clearent LLC.
For the service selection, choose (or type) VISANET PROCESSOR, PAYMENT FACILITATOR, THIRD PARTY SERVICER.
Click Save.
Confirm Eligibility for SAQ A
Review the eligibility statements. If the statements accurately describe your FlowerBuddy payment processing setup, check I agree that the statements above are true and click Continue.
Completing the Questionnaire Sections
The remaining sections contain PCI compliance attestations. These attestations only apply to your use of Xplor Pay through FlowerBuddy. FlowerBuddy and Xplor Pay handle the technical aspects of securely storing, processing, and transmitting payment information. You are not responsible for managing cardholder data systems, servers, payment infrastructure, or electronic storage of payment information. Asside from the technical aspects, the following should be true as it relates to your use of FlowerBuddy and Xplor Pay:
You do not write down customer credit card numbers.
You do not write down card security codes (CVV/CVC codes).
You do not write down PIN numbers or other payment authentication information.
You do not store cardholder information on paper, spreadsheets, documents, notes, or other records.
Anyone in your organization who may handle payments understands that cardholder information should not be written down or stored.
If those statements are true for your business, you can proceed through the attestation sections.
Section 1: Protect Stored Account Data - Review the statements, check the attestation box, and click Continue.
Section 2: Restrict Physical Access to Cardholder Data - Review the statements, check the attestation box, and click Continue.
Section 3: Support Information Security with Organizational Policies and Programs - Review the statements, check the attestation box, and click Continue.
Progress Reports and Charts - No action is required on this screen.
Review and Submit
Review your responses, complete the electronic signature section, and submit the questionnaire.
After Submission
PCI completion status may not update immediately. Please allow up to two business days for the completed questionnaire status to appear in your Xplor Pay Merchant Portal and within your FlowerBuddy account. The PCI Compliance Questionnaire must be completed annually.