PCI AoC Guidelines for Pinterest Buyable Pins
Pinterest’s payment partner Braintree will be reviewing your PCI Attestation of Compliance (AoC). To download the specific form required, click here. Creatuity is not involved with this review process and cannot give advice on how to answer questions on this form. Here is a list of requirements, by form section, to assist you:
- 1a – Complete all merchant information.
- 1b – If you have a QSA, list it here, and ensure that your QSA signs page 6. (Having a QSA is not required for approval, so you can leave this blank.)
- 2a – E-commerce should always be checked for a Magento merchant.
- 2b – At a very high level, describe how you are currently handling credit card data. (Example: “ecommerce sales using magento & paypal website payments pro”)
- 2c – In addition to your warehouse/office/store locations, make sure to include where your site resides if it is hosted in a datacenter or with a hosting provider rather than on-site.
- 2d – Be sure to include Magento, which is PA-DSS listed.
- 2e – Give more detail on how you accept credit card data and whether or not you use network segmentation (segmentation is not necessary for approval). Be sure to describe your website servers and databases.
- 2f – If you check yes, please list third-party service providers used.
- “The assessment documented in this attestation and in the SAQ was completed on:” – make sure you enter a date here.
- Most likely “No” will be checked in all of the following boxes, but here are some details to assist if you think your answer is Yes:
  - “Have compensating controls been used to meet any requirement in the SAQ?” – If the answer is yes, list which requirements and what the compensating control was.
  - “Were any requirements in the SAQ identified as being not applicable (N/A)?” – If the answer is yes, list which requirements and why.
  - “Were any requirements in the SAQ identified as being not tested?” – If yes, list what was not tested.
  - “Were any requirements in the SAQ unable to be met due to a legal constraint?” – If yes, the reasons should be listed in the next section.
- 3 – “Compliant” will be checked if you met the requirements.
- 3a – All boxes need to be checked for approval.
- 3b – An officer’s name, signature, date, and title are required. If dated in the past, the signature must be no more than 1 year old.
- 4 – If you are compliant, “Yes” will be checked for all of these. If anything is non-compliant, a remediation plan needs to be listed.