PCI Compliance Requirements and Procedures

Issue: Review video for troubleshooting content
Cause: Document root causes
Resolution: Document solutions
Timestamp: Add timestamp link

VIDEO TRANSCRIPT | Recorded: 2025-12-17 | Verify against current system state

Abstract¶

PCI DSS compliance requirements, security controls, and audit procedures for AANP payment systems

This article was auto-generated from the video transcript. Review and enhance the content based on the full video.

Two PCI compliance portals: Security Metrics (Braintree) and Cardpoint (Blue Pay/Aptify)
Login credentials in 1Password under "security metrics" - use IT Support account
Current compliance valid until March 2026 - don't wait until last minute
Start compliance activities early in case of complex issues or false positives
Contact Aptify Cloud team (via support ticket) for false positive documentation
Corcoran PCI requests: provide our certificate (their portal handles their own payments)
Once Aptify transactions stop, can drop Cardpoint but keep Security Metrics for Braintree
Scans run against my.aanp.org and account.aanp.org domains
For vulnerabilities, may need Cloudflare or infrastructure team involvement
SAQ questionnaire has tricky questions - review carefully before submitting

7:28 "So you should log in as IT support if you can,"
11:55 "but I kind of let it slide because it just I could not get them to understand"
15:22 "The reason I say that is because there are tricky questions,"
17:54 "Because we have a certain level of transactions and also the tokens that we"
22:29 "You need to come down to the questionnaire status which says you are"
26:28 "you have to, you know, document why it's a false positive and"
30:37 "There is. This is where it gets confusing because"
38:04 "like if you got if it said, hey, there is a vulnerability you need to take"

Item	Value/Setting	Timestamp	Notes
Review video	Add settings	Add timestamp	Add notes