PCI Compliance Guide - Finix Compliance Form

Modified on Thu, 9 Oct at 9:23 AM


Overview

This guide explains what PCI DSS compliance is and how Cornerstone helps you achieve it easily through our partnership with Finix.


What is PCI Compliance?

PCI DSS (Payment Card Industry Data Security Standards) is a set of security requirements designed to protect credit card information. Major credit card brands require businesses that process payments to be PCI compliant.

Why It's Important

  • Protects Customer Data - Ensures the security of your customers' credit card information
  • Protects Your Business - Reduces fraud risk and liability
  • Avoids Fees - You must complete PCI compliance to avoid monthly non-compliance fees
  • Maintains Trust - Demonstrates your commitment to data security


How Cornerstone and Finix Help

Cornerstone takes several steps to simplify PCI compliance for customers:

Pre-Filled SAQ Form

We present you with a pre-filled Self Attestation Questionnaire (SAQ) form, specific to your e-commerce needs. This eliminates the complexity of determining which form applies to your business.

Easy Submission

We present the pre-filled form for your review. You need only sign and submit - no complicated paperwork or technical assessments required.

Annual Reminders

You must certify PCI compliance once a year. Cornerstone will remind and assist you ahead of your annual deadline, so you never miss the requirement.


What You Need to Do

Step 1: Review the SAQ Form (Within 90 Days)

  1. Navigate to your Cornerstone account
  2. Go to General Account > Email/Misc tab
  3. Review the pre-filled questionnaire

Important Deadline: To be approved as a merchant for Finix (our payment gateway and processor), you must submit this form within 90 days of Finix approval.


Step 2: Sign and Submit

Have an authorized representative sign off on the form. This signature attests to your company's compliance with PCI standards.



Frequently Asked Questions

Why Do I Have to Sign This?

Every dealer is set up as a merchant account in Finix, giving you the benefit of your subscriber/customer seeing your company's name on credit card statements. As the merchant, you must attest to PCI compliance in order to process credit cards.


What is SAQ?

The Self Attestation Questionnaire (SAQ) is a questionnaire that helps merchants assess their PCI compliance. We have pre-selected the correct SAQ form for your e-commerce business, so you don't need to determine which of the many SAQ types applies to you.


How Does Cornerstone Minimize PCI Scope?

Cornerstone has partnered with Finix, a Level 1 compliant service provider, to use their payment gateway and process credit card payments. This significantly reduces both Cornerstone's and your PCI scope in several important ways:

1. Tokenization

What It Is: Tokenization is the process of encrypting sensitive data into a non-sensitive equivalent, known as tokens.

How It Works:

  • Cornerstone's software stores tokens of card data in our cloud
  • Finix maintains the raw card data in its secure environment
  • You never store actual credit card numbers

Benefit: Dramatically reduces your PCI scope since you're not storing sensitive card data.

2. Use of iFrames

What It Is: An iFrame (Inline Frame) is an HTML document embedded inside another HTML document (like a checkout page) on a website.

How It Works:

  • Cardholder data is securely entered into the iFrame
  • Data is tokenized within the payment provider's secure environment
  • Card data never touches your servers

Benefit: Protects card data by keeping it in Finix's cloud environment throughout the transaction.

3. Use of Tokenization APIs

What It Is: Application Programming Interfaces that handle tokenization automatically.

How It Works:

  • Allows easy tokenization of credit card information
  • Protects data when transmitting card information for large recurring batches
  • Handles processing and transmission of card data without you storing it

Benefit: Secure handling of recurring payments at scale without increasing your PCI compliance burden.
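One way to check the claim in the three sections above that actual card numbers never land in your own systems, as an added example (not Cornerstone's or Finix's code): scan stored text such as logs, notes or exports for 13 to 19 digit runs that pass the Luhn checksum. The sample records and the token value are constructed for illustration; the real token format is not shown on this page.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to discard order IDs and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first six and last four digits so the report holds no full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(text: str) -> list:
    hits = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(mask(digits))
    return hits

def scan_records(records) -> dict:
    """Return {record index: [masked card numbers]} for records that leak one."""
    findings = {}
    for index, record in enumerate(records):
        hits = find_pans(record)
        if hits:
            findings[index] = hits
    return findings

# Constructed sample data: well-known test card numbers, a made-up token value.
SAMPLE_RECORDS = [
    "customer=1001 payment_token=TK_EXAMPLE_abc123 last4=1111",      # token only: clean
    "2025-01-01 POST /checkout card=4111 1111 1111 1111 exp=12/30",  # leaked number
    "order_id=1234567890123456 status=shipped",                      # fails Luhn: ignored
    "note: customer read 5555-5555-5555-4444 over the phone",        # leaked number
]

if __name__ == "__main__":
    for index, hits in scan_records(SAMPLE_RECORDS).items():
        print(f"record {index}: {hits}")
```

Any hit means a card number reached a system outside the tokenized path.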


The Security Advantage

By using Cornerstone with Finix integration, you benefit from:

  • Level 1 Compliance - Finix is a Level 1 PCI compliant service provider (the highest level)
  • Reduced Liability - Minimal PCI scope means less risk and responsibility
  • Secure Storage - Tokenization means you never store actual card numbers
  • Professional Processing - Enterprise-grade security for all transactions
  • Simple Compliance - Pre-filled forms and annual reminders make compliance easy


Key Takeaways

  • PCI compliance is required to process credit cards and avoid non-compliance fees
  • Cornerstone simplifies compliance with pre-filled SAQ forms
  • Submit within 90 days of Finix approval to maintain merchant status
  • Annual renewal is required, but we'll remind you
  • Finix partnership dramatically reduces your PCI scope through tokenization and secure processing
  • Your company name appears on customer statements because you're the merchant


Need Help?

Still have questions about PCI compliance, the SAQ form, or your merchant status? Our team is here to help. Contact Cornerstone Holding Co. at 847-405-9517 or email us at customer.success@alarmbills.com.

