The user selects the product from the company's main e-commerce website, where merchants are required to register as a valid user with a username and password. The username and password are currently stored in a table in a MySQL database, which is used for access to the company e-commerce website.
Once a purchase has been made on the company e-commerce site, the user gets an email with a new URL to the compliance portal. On the compliance portal the user is requested to log in with the username and password used for registration on the e-commerce website.
On the compliance portal the user (merchant) is presented with a compliance status dashboard indicating the merchant's overall PCI DSS compliance status.
By default merchants are non-compliant. The merchants must start a compliance questionnaire identification process in the form of a process of elimination determined by qualification questions.
The questions are presented in yes/no format. The sequence of questions determines one of 4 basic types of questionnaires for which a merchant can qualify.
Self-assessment questionnaire (SAQ) Qualification process:
The portal needs to be developed to enable the administrator to add criteria questions and set conditions for the questions, so that a corresponding SAQ can be associated with the business processes the merchant qualifies for.
Does your company store credit card data?
Do you outsource your cardholder process through a compliant third party?
If the merchant answers yes to both questions, then the merchant is allowed to complete SAQ (A). If, however, the merchant answers no to question 1, then he no longer qualifies for SAQ (A) and needs to eliminate further to determine (B), (C) or (D).
Each question has a description and additional guidance section where the user can obtain further information on the criteria.
Once the questionnaire has been identified the merchant moves to phase 2 where they are presented with the questionnaire questions.
Completion of questionnaire.
The merchant completes the details of the questions in a yes/no format until all questions are done. Merchants meet compliance objectives and gain compliant status once all questions are marked as yes.
Each compliance question again has additional guidance and a description, and the administrator needs to be able to add rich content to each question.
Once the merchant has reached compliance status a completed questionnaire is mailed to the customer in Word or PDF format.
Design layout and technical specs.
The developer is required to come up with a clean layout and a CSS-only design.
ruby script/generate scaffold customer acquirer:boolean third_party:boolean salutation:string name:string surname:string title:string street:string city:string state:string postcode:string country:string phone:string email:string business_name:string dba:string merchant_id:string app_name:string app_version:string locations:string compliant:boolean date:datetime type:integer
ruby script/generate scaffold business_type customer_id:integer retail:boolean telecommunication:boolean supermarket:boolean moto:boolean petrol:boolean ecomm:boolean other:string
ruby script/generate scaffold validation customer_id:integer card_present:boolean store_data:boolean third_party:boolean paper:boolean pdq:boolean computer:boolean segregated:boolean internet:boolean ecommerce:boolean vt:boolean remote_support:boolean
ruby script/generate scaffold saq req_no:string question:text saq_a:boolean saq_b:boolean saq_c:boolean saq_cvt:boolean saq_d:boolean
ruby script/generate scaffold question customer_id:integer req_no:string pass:boolean special:text
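The qualification and compliance rules described above, sketched in plain Ruby against the scaffolded column names (an added example, not part of the original specification). Only the SAQ (A) rule comes from the text; the (B) and (C) conditions, the R-n requirement numbers and the function names are assumptions made for illustration.

```ruby
# Admin-editable elimination rules, evaluated top to bottom.
# Only the SAQ (A) rule is from the spec; (B) and (C) are placeholder conditions.
RULES = [
  { saq: :saq_a, conditions: { store_data: true,  third_party: true } },
  { saq: :saq_b, conditions: { store_data: false, pdq: true, internet: false } },
  { saq: :saq_c, conditions: { store_data: false, internet: true } }
].freeze
FALLBACK = :saq_d # unmatched or incomplete answers get the broadest questionnaire

# answers: yes/no values keyed by the validation columns, e.g. { store_data: true }.
# A missing (nil) answer never satisfies a condition, so it cannot qualify
# a merchant for a narrower questionnaire.
def qualify(answers)
  rule = RULES.find do |r|
    r[:conditions].all? { |field, expected| answers[field] == expected }
  end
  rule ? rule[:saq] : FALLBACK
end

# saq_rows: rows of the saq table; each flags which questionnaires include it.
def applicable_reqs(saq_rows, saq)
  saq_rows.select { |row| row[saq] == true }.map { |row| row[:req_no] }
end

# responses: rows of the question table for one customer.
# Returns [compliant, outstanding_req_nos]. Fails closed: a requirement that is
# unanswered or answered "no" stays outstanding, and an empty questionnaire
# never yields compliant status (merchants are non-compliant by default).
def compliance(saq_rows, saq, responses)
  latest = responses.each_with_object({}) { |r, h| h[r[:req_no]] = r[:pass] }
  required = applicable_reqs(saq_rows, saq)
  outstanding = required.reject { |req| latest[req] == true }
  [!required.empty? && outstanding.empty?, outstanding]
end

# Constructed sample rows (not real PCI DSS requirement text).
SAQ_ROWS = [
  { req_no: "R-1", saq_a: true,  saq_b: true,  saq_c: true, saq_d: true },
  { req_no: "R-2", saq_a: true,  saq_b: true,  saq_c: true, saq_d: true },
  { req_no: "R-3", saq_a: false, saq_b: false, saq_c: true, saq_d: true }
].freeze

if __FILE__ == $PROGRAM_NAME
  saq = qualify(store_data: true, third_party: true)
  p saq
  p compliance(SAQ_ROWS, saq, [{ req_no: "R-1", pass: true }])
end
```

Because the status is recomputed from the stored answers each time, the `compliant` flag on the customer record should be set only from this result on the server, never from a value submitted by the browser.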