Customer Payment Form Processes | PCI Compliance

To ensure Q4Launch is compliant with our security standards in storing customer billing information, new processes are going into effect on how we are internally sharing and storing payment information (Example: ACH and credit card forms).

Basics of PCI Compliance: https://www.pcicomplianceguide.org/faq/#1

Q4Launch Processes

1. New Logo/New Customer Onboarding
   1. Upon receiving a verbal from a potential new customer, Sales uploads the service agreement along with an ACH form in DocuSign. They’ll add themselves and the Sales Manager as parties that will receive a notification once the agreement has been completed.
   2. Once signed, billing adds a new line item on the Kick Off Billing tab of the Client Billing sheet. A note will also be added that the completed payment forms and agreement are located in DocuSign. The Billing Team will directly log into DocuSign to pull the needed forms to complete the billing set-up.
   3. Sales will then email Team-Leaders@q4launch.com with the agreement (no payment information included) and basic customer notes to begin team assignments for setting up a kick-off call with the new customer.
2. Existing Customer Adds PPC Services
   1. CSM creates an agreement for the customer outlining all needed fields (Set-up fee details, monthly budgeted ad spend, customer name, etc.)
   2. CSM shares created agreement, customer name, and email address with a Customer Success Team Lead while ccing the Senior PPC Specialist.
   3. The assigned Customer Success Team Lead will review the submitted details to confirm it’s ready and upload in DocuSign along with a credit card form to be sent to the customer. The CSM, Team Lead, and Sr. PPC Specialist will all be listed as parties to be notified once the agreement has been completed.
   4. Once signature confirmation is received, the CSM will update the Client Billing sheet to begin billing and share the agreement (no payment information included) with billing@q4launch.com. The Sr. PPC Specialist will then log into DocuSign to view credit card information and enter it in the applicable ads platform.
3. Business Ownership Changes
   1. The Customer Success Team Lead (or Sales team member) leading the conversation will confirm the service level that the new business owner plans to move forward with.
   2. Upload the agreement(s) and an ACH form in DocuSign to share with the new owner for review. Add any applicable parties to be notified once the agreement has been completed.
   3. Add a line to the Billing Changes tab of the Client Billing sheet that there is a new business owner along with noting the completed ACH form and new agreement can be found in DocuSign.
   4. Introduce to the team member (or support@q4launch.com) that will be their contact long-term.
4. Existing Customers Updating Payment Information
   1. CSM shares created agreement, customer name, and email address with a Customer Success Team Lead while ccing the Senior PPC Specialist.
   2. CSM or Support share customer name, email address, and request to a Customer Success Team Lead who will upload new payment forms in DocuSign to be sent to the customer. The requester, and Team Lead will all be listed as parties to be notified once the agreement has been completed.
   3. Once signature confirmation is received, the CSM will update the Client Billing sheet stating new payment information has been received. A billing team member will then log into DocuSign to view payment information and enter it in the billing portal for future invoicing.

Ongoing Best Practices:

• Ensure customer billing information isn’t being stored or shared via Outlook, Teams, or SharePoint. If any information is found, be sure to delete it as those situations arise.
• Access to billing information should only be reviewed by applicable parties directly in DocuSign. This does not apply to customer agreements which are sharable as long as an ACH or CC form isn’t attached in the PDF.
• Avoid ccing recipients of DocuSign’ed payment forms and simply select team members to be notified once completed.
• If you’re ever unclear if something you’re doing is compliant (or not), reach out to a Team Lead and they can assist!
• Customer payment information should never be taken over the phone and will always need to go through DocuSign.