The Office of the Treasurer has contracted with Trustwave to provide us access to an online portal called Trustkeeper. The Trustkeeper portal will allow each department to go online and fill out their annual Self-Assessment Questionnaire. The Self-Assessment Questionnaire is an annual process to verify each locations compliance with the Payment Card Industry Data Security Standard (PCI-DSS).

The process will begin with the main Payment Card contact for each merchant location receiving a Welcome Email from Trustwave. Only one person in each area will receive this email. The email will contain a link to the Trustkeeper Portal as well as your access information. You will need to click on the link and complete the registration. The registration process must be completed in one sitting and should only take 5 to 10 minutes. The information you will need to complete the registration process is as follows:

• Your merchant ID or Account Number (not FIS Account number)
• Card brands you accept (Visa, MasterCard, Discover, American Express)
• Acceptance channel (in person/card present, eCommerce, telephone, mail-in, etc.)
• Card transaction volumes (both $ and # for month and year) (estimates are okay)
• How you send your transactions to our processor
• If applicable, how you connect to the Internet
• If applicable, manufacturer/vendor name and model/version of Point-of-sale terminal or application

If you have an eCommerce website, you will need (if applicable):

• SAQ A – Outsourced e-commerce merchants
• SAQ B – Imprint machines or stand-alone dial up terminals (no internet connection used for processing transactions and no online storage of data)
• SAQ C – Payment application connects to internet, but not to any other systems (i.e. databases or other systems)
• SAQ D – All others

If you are unsure of which SAQ to choose, please contact Payment Card Services via email or phone 812-855-0586.

The questions will all be Yes/No questions and should be answered truthfully. You may print the SAQ if you need others in your area to provide responses. You may also grant access to others in your department either online via the Trustkeeper Portal or by calling the Trustkeeper help desk at 1-800-363-1621.

While the questionnaire will assess our compliance at a point in time, you must remember that compliance with PCI DSS is an ongoing process. If you make changes to how you process, you will need to ensure that you are still in compliance with the PCI DS Standard.

The deadline for completing the SAQ is September 26, 2008.