CyberSource Email FAQ

Here is some quick information regarding the basic CyberSource and TrustWave emails that you may have received.

PCI Compliance

  1. All Harvard Clubs and SIGs that accept credit cards or debit cards as a form of payment through CyberSource is required by Visa, MasterCard, AMEX and the other card brands to be compliant with the Payment Card Industry Data Security Standard (PCI DSS). 
  2. CyberSource provides most merchant accounts and gateways for Harvard Clubs and SIGs and is required to help you achieve PCI DSS compliance.  Harvard Clubs and SIGs are also required to provide proof of compliance to CyberSource.
  3. Your transactions are being processed through AlumniMagnet servers by CyberSource. AlumniMagnet is PCI compliant and CyberSource has a copy of AlumniMagnet’s PCI compliance certification.
  4. Your Club or SIG, as the organization collecting the online payment also needs to verify their PCI compliance.  To do this, you only need to fill out the SAQ A form.

TrustWave

  1. If you have decided to use another third party company (TrustWave) to submit your PCI compliance documents, it will include a fee.  TrustWave is a verified partner as part of the CyberSource PCI Compliance Program. TrustWave is an optional service and is not required by CyberSource.  If you are receiving emails from TrustWave, most likely your Club or SIG signed up for the service when they originally signed up with CyberSource.
  2. If your Club or SIG decides to use TrustWave – you will need to contact your TrustWave rep and change your domain's status. The nature of your website is such that payments are not collected directly on your domain. Your website is hosted by OmniMagnet which collects the payments on your behalf by redirecting customers to their site. This means that you do not require monthly vulnerability scans and, in some cases, your Self-Assessment Questionnaire (SAQ) may be shorter. You should call TrustWave at (800) 213-8918 in order to verify that your merchant categorization is correct. Please be sure to mention that your website redirects customers to a third party in order to process payments. TrustWave can assist you with removing scan targets if scanning is no longer required.


Expiring P12 Keys

As of January 3, 2017 your AlumniMAgnet website no longer uses the p12 Transaction Key.  Your website now uses an API security key.  These keys are good for 3 years and will expire in January 2020 (All sites will expire the same week as we made the switch the same week last year.)

You may still be receiving automated emails that your p12 Key is expiring.  You can either ignore those emails or delete the active p12 key in your CyberSource account.


CyberSource Customer Support

You may also be receiving various emails about CyberSource security updates.  If you recieve an email from “CyberSource Customer Support” and are not sure of what it means, please let us know right away. You can either forward it to alumni_magnet@harvard.edu or cut and paste into your online support tracker.