CISP Compliance. CounterPoint Helps Retailers Comply with Payment Card Industry (PCI) Data Security Standards... Compliance with CISP

Size: px
Start display at page:

Download "CISP Compliance. CounterPoint Helps Retailers Comply with Payment Card Industry (PCI) Data Security Standards... Compliance with CISP"

Transcription

1 CISP Compliance Compliance with CISP means compliance with the PCI Data Security Standard with the required program validation. Using the PCI Data Security Standard as its framework, CISP provides the tools and measurements needed to protect against cardholder data exposure and compromise. CounterPoint Helps Retailers Comply with Payment Card Industry (PCI) Data Security Standards... What is CISP Compliance? The Visa Card Holder Information Security Program (CISP) is a subset of PCI that established compliance validation programs for software applications and processing service providers who serve Visa and MasterCard merchants. How does this help with PCI Compliance? The purpose of this validation is to make it easier for merchants to be sure providers are offering solutions which do not violate the merchants PCI compliance requirements. Where can I get more information? You can read more about CISP as it relates to PCI at the following address: CounterPoint s CISP Validation On the following two abbreviated PDF documents, Visa lists all validated applications and providers. The documents are also available from the site referenced above. You will see in these documents that all Radiant Systems applications and services, including CounterPoint, current in their validation testing of CISP compliance. By investing in a CounterPoint system with CISP Compliance, you have the tools available to you to help you meet PCI compliance requirements

2 List of Validated Payment Applications As of The following List of Validated Payment Applications have been assessed for compliance with the Payment Application Best Practices ( PABP ). Only those versions of the application identified in the listing below have been evaluated and determined to comply with PABP. Compliance with the PABP is determined based upon data and information developed by an evaluation of the application by a Qualified Payment Application Security Company ( QPASC ). Although Visa reviews the QPASC-developed data and information, Visa does not independently confirm such data or information nor does Visa perform any tests or analysis of the functionality, performance or suitability of any of the applications and/or products listed. Visa makes no endorsement or recommendation of applications or products, or of their respective developers or distributors. Furthermore, Visa makes no warranties, guarantees or representations that any of the applications or products will meet your requirements for performance or functionality, that the applications or products will be free from errors or malicious code, or that the applications or products will be compatible with any other systems or applications. Any and all representations or warranties, including any and all representations and warranties made by the payment application vendor, are disclaimed by Visa. The information provided herein is provided AS IS with no warranties, expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose and/or non-infringement. The information provided herein is subject to change by Visa, with or without notice. Although Visa makes good faith efforts to provide accurate and complete information, merchants, or anyone else utilizing the information set forth on the following List of Validated Payment Applications remain responsible for confirming the accuracy of the information set forth below, including but not limited to, confirming with the appropriate payment application vendor that the version of the application identified below is in compliance with PABP. Use of any one or more of the applications below (i) does not guarantee or ensure compliance with the PCI DSS; and (ii) does not satisfy any Acquirers obligation to perform their own evaluation and due diligence, to ensure the PCI DSS compliance of their merchants and agents. PABP reviews are valid for one year, with annual attestation due to Visa one year from the below VALIDATION DATE. Attestations that are from 1-60 days late are noted in yellow and reports that are from days late are noted in red. Entities with reports over 90 days past due will be removed from this list. (1) An annual validation is required for those payment applications with major upgrade or product version changes. If there are no changes to the product, Visa will require a letter signed by an Officer of the software company indicating no changes to the payment application and continued adherence to the Payment Application Best Practices. Visa will note that there were no changes to the product Visa U.S.A List of Validated Payment Applications 2007 Visa Inc. 1

3 PAYMENT APPLICATION VENDOR Princeton Payment Solutions m Quest Retail Radiant Systems PAYMENT APPLICATION APPLICATION VERSION VALIDATION DATE (1) ASSESSOR DESCRIPTION December 15, Labs Dial-to-IP and Serialto-IP converter and router to facilitate the transmission of transactions from an existing terminal across the Internet PayWare NET/ERP 4.3 June 20, 2006 Quest Manager (Quest Venue Manager, Quest Enterprise Manager, Quest Hospitality Manager) Aloha Suite Middleware solutions for large merchants 1.5 Coalfire Systems POS software solution designed for large stadiums or event venues with the need of centralized POS and payment processing 6.1 August 30, March 24, 2005 CounterPoint 7 December 15, 2007 CounterPoint SQL December 15, 2007 Exhibitor POS Suite November 15, April 11, 2006 table and quick service industry Formerly Synchronics. A point-of-sale and inventory management system suitable for businesses of all sizes that need to manage, consolidate and distribute information across many locations. The application also includes features designed to meet the specific needs of wholesale distributors and mail order business movie theatre / entertainment industry Lighthouse Suite November 15, 2007 quick service restaurants QSR POS Suite December 15, 2007 quick service restaurants RPOS PCS 6.6 July 7, 2006 petroleum and retail (1) An annual validation is required for those payment applications with major upgrade or product version changes. If there are no changes to the product, Visa will require a letter signed by an Officer of the software company indicating no changes to the payment application and continued adherence to the Payment Application Best Practices. Visa will note that there were no changes to the product Visa U.S.A List of Validated Payment Applications 2007 Visa Inc. 21

4 Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers As Of The companies listed below successfully completed a CISP review based on the PCI Data Security Standard. The "VALIDATION DATE" is the date of last compliance. CISP reviews are valid for one year, with the next annual report due to Visa one year from the "VALIDATION DATE". Reports that are from 1-60 days late are noted in yellow and reports that are from days late are noted in red. Entities with reports over 90 days past due are removed from this list. It is the member's responsibility to use compliant service providers and to follow up with service providers if there are any questions about their compliance status. Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers - All SERVICE PROVIDER VALIDATION DATE SERVICES COVERED BY REVIEW (1) ASSESSOR 1ShoppingCart.com Internet Security Metrics 1st Americard Merchant Payment Services 3Delta Systems July 31, 2007 Merchant Payment Services Fortrex Technologies 3Pea Technologies, Inc Prepaid Card Processing A3 IT Solutions Managed Hosting Academy Collection Service Debt Collection Agency Accel Networks January 31, 2008 Wireless AccountNow July 31, 2007 Account Management Services Accretive Commerce Direct Marketing Order Fulfillment RSM McGladrey ACH Direct Merchant RSM McGladrey ACI Worldwide Merchant, Inc ACS Government and Community Solutions April 30, 2007 Jefferson Wells Acxiom ICS/BNS Core & ISC/BNS Proprietary Bankruptcy Notification Services Adeptra Fraud and Chargeback Services Adteractive, Inc. February 28, 2008 Merchant Digital Marketing Digital Resources Group (DRG) Aegis Communications K3DES Affinity Solutions Loyalty Programs (1) CISP reviews represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Inclusion on this list indicates only that the service provider successfully completed a CISP assessment following requirements prescribed for their CISP Level, based on the report of an independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report Visa U.S.A. Inc. 1 of 20

5 Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers - All SERVICE PROVIDER VALIDATION DATE SERVICES COVERED BY REVIEW (1) ASSESSOR PEMCO Coalfire PeopleSupport GCA PeopleSupport-Costa Rica PFSweb, Inc. Order Fulfillment Pipeline Data Planet eshop Information Exchange Planet Payment Multi-Currency Plug & Pay Technologies, Inc. Internet POS Portal August 31, 2007 Merchant Coalfire POST Integrations, Inc. CyberTrust Prairie Systems, Inc. Payment Gateway Preferred Health Premiere Global Services Records Management Presto ATM Processing Priority Payment Systems Merchant Process America Information Exchange Profit Margins, Inc. Direct Marketing ProfitStars April 30, 2007 Progressive Distribution Merchant Janus Associates Propco Marketing PropertyBridge Merchant PSCU Financial Services, Inc. February 28, 2008 Bill Dispute Resolution Verizon Business PSIGate Internet Payment Gateway Qgiv QS/1 Quantum Services Payment Gateway Raven Eye Quickbooks Merchant Services Merchant Radiant Systems Rainbow Rewards Rewards/Gift Card Programs RBS Lynk (1) CISP reviews represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Inclusion on this list indicates only that the service provider successfully completed a CISP assessment following requirements prescribed for their CISP Level, based on the report of an independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report Visa U.S.A. Inc. 15 of 20

The following are responsible for the accuracy of the information contained in this document:

The following are responsible for the accuracy of the information contained in this document: AskUGA 1 of 5 Credit/Debit Cards Responsible administrator: Senior Vice President for Finance and Administration Related Procedure: The Credit/Debit Card Processing Procedures Responsible department: Bursar's

More information

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration

More information

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN PCI Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information

More information

THIRD PARTY AGENT REGISTRATION PROGRAM

THIRD PARTY AGENT REGISTRATION PROGRAM THIRD PARTY AGENT REGISTRATION PROGRAM Frequently Asked Questions For the U.S., Canada and Latin America & Caribbean Regions General Information Q. What is the Third Party Agent Registration Program? A.

More information

Payment Gateways: Value and Security

Payment Gateways: Value and Security Payment Gateways: Value and Security Presented by: Dmitriy Lerman, Dir. of Marketing 2009 CHARGE Anywhere, LLC. All trademarks, service marks, and trade names referenced in this material are the property

More information

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW David Kittle Chief Information Officer Chris Ditmarsch Network & Security Administrator Smoker Friendly International / The Cigarette Store Corp

More information

Introduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m.

Introduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m. Introduction to PCI DSS Compliance May 18, 2009 1:15 p.m. 2:15 p.m. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of

More information

Tools to help you purchase your POS System

Tools to help you purchase your POS System Tools to help you purchase your POS System Purchasing any technology can be confusing, and this applies to the purchase of a point-of-sale (POS) System. This document will provide you with a checklist

More information

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level. Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain

More information

ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS:

ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: Boston College Policy ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: PURPOSE OF POLICY: The purpose of this policy is to establish procedures for accepting payment cards at Boston College

More information

Agent Registration. Program Guide. (For use in Asia Pacific, Central Europe, Middle East, Africa)

Agent Registration. Program Guide. (For use in Asia Pacific, Central Europe, Middle East, Africa) Agent Registration Program Guide (For use in Asia Pacific, Central Europe, Middle East, Africa) Version 1 April 2014 Contents 1 INTRODUCTION... 3 1.1 ABOUT THIS GUIDE... 3 1.2 WHO NEEDS TO BE REGISTERED?...

More information

Your Compliance Classification Level and What it Means

Your Compliance Classification Level and What it Means General Information What are the Payment Card Industry (PCI) Data Security Standards? The PCI Data Security Standards represents a common set of industry tools and measurements to help ensure the safe

More information

Third Party Agent Registration Program Frequently Asked Questions

Third Party Agent Registration Program Frequently Asked Questions Third Party Agent Registration Program Frequently Asked Questions U.S., Canada and Latin America & Caribbean Regions General Information What is the Third Party Agent Registration Program? The Third Party

More information

CREDIT CARD PROCESSING AND MERCHANT SERVICES

CREDIT CARD PROCESSING AND MERCHANT SERVICES CREDIT CARD PROCESSING AND MERCHANT SERVICES provides credit card processing and merchant services for a wide range of business types - including retail, e-commerce, professional services, restaurants,

More information

Agent Registration. Program Guidelines. (For use in Asia Pacific, Central Europe, Middle East and Africa)

Agent Registration. Program Guidelines. (For use in Asia Pacific, Central Europe, Middle East and Africa) (For use in Asia Pacific, Central Europe, Middle East and Africa) January 2012 Contents 1 INTRODUCTION... 3 1.1 BACKGROUND... 3 1.2 PURPOSE OF DOCUMENT... 4 1.3 WHO NEEDS TO BE REGISTERED?... 5 1.4 WHY

More information

FAQ s for Payment Card Processing at the University

FAQ s for Payment Card Processing at the University FAQ s for Payment Card Processing at the University 1) We are thinking about taking credit cards for payments. What do we need to know? 2) Who is the PCPC (Payment Card Process Coordinator)? 3) What is

More information

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines? Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain

More information

Your Reference Guide to EMV Integration: Understanding the Liability Shift

Your Reference Guide to EMV Integration: Understanding the Liability Shift Your Reference Guide to EMV Integration: Understanding the Liability Shift UNDERSTANDING EMV EMVCo was formed in February 1999 by Europay, MasterCard and Visa to establish and maintain global interoperability

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 1.1 February 2008 Table of Contents About this Document... 1 PCI Data Security Standard

More information

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating Given recent payment data breaches, clients are increasingly demanding robust security and fraud solutions; and Financial institutions continue to outsource and leverage technology providers given their

More information

SCHEDULE A MODIFIED SCOPE OF SERVICES MERCHANT CARD PROCESSING SERVICES STATE OF NORTH CAROLINA AND SUNTRUST MERCHANT SERVICES

SCHEDULE A MODIFIED SCOPE OF SERVICES MERCHANT CARD PROCESSING SERVICES STATE OF NORTH CAROLINA AND SUNTRUST MERCHANT SERVICES SCHEDULE A MODIFIED SCOPE OF SERVICES MERCHANT CARD PROCESSING SERVICES STATE OF NORTH CAROLINA AND SUNTRUST MERCHANT SERVICES Contract Number 14-06002 The terms Servicers and Vendor shall be used interchangeably

More information

Merchant Application & Agreement Merchant Processing Terms & Conditions

Merchant Application & Agreement Merchant Processing Terms & Conditions Merchant Application & Agreement Merchant Processing Terms & Conditions MERCHANT # (ASSIGNED BY BANK) 100 Throckmorton Street, Suite 1800 Fort Worth, Texas 76102 MCC: MERCHANT APPLICATION & AGREEMENT ASSOCIATION

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

How To Protect Your Business From A Hacker Attack

How To Protect Your Business From A Hacker Attack Payment Card Industry Data Security Standards The payment card industry data security standard PCI DSS Visa and MasterCard have developed the Payment Card Industry Data Security Standard or PCI DSS as

More information

List of Compliant Service Providers

List of Compliant Service Providers As of May 03, 2007 The companies listed below successfully completed a CISP review based on the PCI Data Security Standard. The " " is the date of last compliance. CISP reviews are valid for one year,

More information

ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS:

ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: Boston College Policy ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: PURPOSE OF POLICY: The purpose of this policy is to establish procedures for accepting payment cards at Boston College

More information

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1) PDQ has created an Answer Guide for the Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C to help wash operators complete questionnaires. Part of the Access Customer Management

More information

Intro to PCI Compliance

Intro to PCI Compliance Intro to PCI Compliance And the role Stone Edge V7.1 plays in helping you achieve that goal Monsoon Commerce. All rights reserved. What is PCI? PCI stands for Payment Card Industry In 2006, major financial

More information

La règlementation VisaCard, MasterCard PCI-DSS

La règlementation VisaCard, MasterCard PCI-DSS La règlementation VisaCard, MasterCard PCI-DSS Conférence CLUSIF "LES RSSI FACE À L ÉVOLUTION DE LA RÉGLEMENTATION" 7 novembre 07 Serge Saghroune Overview of PCI DSS Payment Card Industry Data Security

More information

SELLER METRICS Effective October 2013

SELLER METRICS Effective October 2013 SELLER METRICS Effective October 2013 TICKET SELLER METRICS What are Seller s? Bottom Line: Better Brokering = Lower Fees! TicketNetwork s Seller s is a set of measurements used to determine the fee that

More information

Registry of Service Providers

Registry of Service Providers Registry of Service Providers Program Guide Contents 1 2 1.1 What is the Registry of Service Providers? 2 1.2 Who can register? 3 1.3 Why register with Visa? 3 1.4 Implications for Visa Clients 4 2 5 2.1

More information

Payment Card Security

Payment Card Security Payment Card Security January 31, 2008 Kieran Norton, Senior Manager Security & Privacy Services, Deloitte & Touche LLP Focus of the Presentation PCI Overview Background Current Environment Key Considerations

More information

Verified by Visa. Acquirer and Merchant Implementation Guide. U.S. Region. May 2011

Verified by Visa. Acquirer and Merchant Implementation Guide. U.S. Region. May 2011 Verified by Visa Acquirer and Merchant Implementation Guide U.S. Region Verified by Visa Acquirer and Merchant Implementation Guide U.S. Region VISA PUBLIC DISCLAIMER: THE RECOMMENDATIONS CONTAINED HEREIN

More information

The Comprehensive, Yet Concise Guide to Credit Card Processing

The Comprehensive, Yet Concise Guide to Credit Card Processing The Comprehensive, Yet Concise Guide to Credit Card Processing Written by David Rodwell CreditCardProcessing.net Terms of Use This ebook was created to provide educational information regarding payment

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

Introduction to. May 18, 2009 1:15 p.m. 2:15 p.m.

Introduction to. May 18, 2009 1:15 p.m. 2:15 p.m. Introduction to PCI DSS Compliance May 18, 2009 1:15 p.m. 2:15 p.m. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of

More information

Frequently Asked Questions

Frequently Asked Questions Contents CISP Program Overview... 2 1. To whom does CISP apply?...2 2. What does VISA define as "cardholder data"?...2 3. What if a merchant or service provider does not store Visa cardholder data?...2

More information

Mobile Near-Field Communications (NFC) Payments

Mobile Near-Field Communications (NFC) Payments Mobile Near-Field Communications (NFC) Payments OCTOBER 2013 GENERAL INFORMATION American Express continues to develop its infrastructure and capabilities to support growing market interest in mobile payments

More information

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism Tokenization Amplified XiIntercept The ultimate PCI DSS cost & scope reduction mechanism Paymetric White Paper Tokenization Amplified XiIntercept 2 Table of Contents Executive Summary 3 PCI DSS 3 The PCI

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

How To Protect Visa Account Information

How To Protect Visa Account Information Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer

More information

05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013 05.118 Credit Card Acceptance Policy Authority: Vice Chancellor of Business Affairs History: Effective July 1, 2011 Updated February 2013 Source of Authority: Office of State Controller (OSC); Office of

More information

Simplêfy Client Support and Information Services. PCI Compliance Guidebook

Simplêfy Client Support and Information Services. PCI Compliance Guidebook Simplêfy Client Support and Information Services PCI Compliance Guidebook Simplêfy, Inc. 301 Science Drive, Suite 280 Moorpark, CA 93021 Phone 888.341.2999 Fax 877.280.0885 Simplêfy is a Registered Trademark

More information

Cal Poly PCI DSS Compliance Training and Information. Information Security http://security.calpoly.edu 1

Cal Poly PCI DSS Compliance Training and Information. Information Security http://security.calpoly.edu 1 Cal Poly PCI DSS Compliance Training and Information Information Security http://security.calpoly.edu 1 Training Objectives Understanding PCI DSS What is it? How to comply with requirements Appropriate

More information

ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone!

ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone! ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone! Presenters: Cliff Gray Senior Associate of The Strawhecker Group Jon Bonham CISA, Coalfire The opinions of the contributors

More information

Why Is Compliance with PCI DSS Important?

Why Is Compliance with PCI DSS Important? Why Is Compliance with PCI DSS Important? The members of PCI Security Standards Council (American Express, Discover, JCB, MasterCard, and Visa) continually monitor cases of account data compromise. These

More information

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments Security in the Payment Card Industry OWASP AppSec Seattle Oct 2006 Hap Huynh, Information Security Specialist, Visa USA hhuynh@visa.com Copyright 2006 - The OWASP Foundation Permission is granted to copy,

More information

Electronic Payment Processing

Electronic Payment Processing Five Star Service Guaranteed The most reliable payment processing network in the industry Electronic Payment Processing Your challenges. Our solutions. Your success. One key strategy to your success is

More information

E-Market Policy Accepting Online Payment for Conducting University Business

E-Market Policy Accepting Online Payment for Conducting University Business Accepting Online Payment for Conducting University Business Responsible Office: Bursar s Office Contact: bursar@hartford.edu Effective Date: July 1, 2011 Last Revised: June 20, 2011 Last Reviewed: June

More information

A Compliance Overview for the Payment Card Industry (PCI)

A Compliance Overview for the Payment Card Industry (PCI) A Compliance Overview for the Payment Card Industry (PCI) Many organizations are aware of the Payment Card Industry (PCI) and PCI compliance but are unsure if they are doing everything necessary. This

More information

Tackling Campus-Wide e-commerce

Tackling Campus-Wide e-commerce SUNGARD SUMMIT 2007 sungardsummit.com 1 Tackling Campus-Wide e-commerce Presented by: Troy Boroughs University of Richmond March 22, 2007 A Community of Learning Introduction For years, the University

More information

Merchant Card Processing Best Practices

Merchant Card Processing Best Practices Merchant Card Processing Best Practices Background: The major credit card companies (VISA, MasterCard, Discover, and American Express) have published a uniform set of data security standards that ALL merchants

More information

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft

More information

Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers

Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers As of November 15, 2006 The companies listed below successfully completed a CISP review based on the PCI Data Security Standard. The VALIDATION DATE is the date of last compliance. CISP reviews are valid

More information

Validation of PCI Compliance Requirements NC Office of the State Controller June 23, 2015

Validation of PCI Compliance Requirements NC Office of the State Controller June 23, 2015 Validation of PCI Compliance Requirements NC Office of the State Controller June 23, 2015 Purpose The purpose of this document is to provide instructions to entities that subscribe to merchant cards processing

More information

6-8065 Payment Card Industry Compliance

6-8065 Payment Card Industry Compliance 0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card

More information

CREDIT CARD PROCESSING POLICY AND PROCEDURES

CREDIT CARD PROCESSING POLICY AND PROCEDURES CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.

More information

How Do I Understand Credit Card Processing Fees?

How Do I Understand Credit Card Processing Fees? How Do I Understand Credit Card Processing Fees? Credit card processing rates and fees are often misunderstood and confusing, so we are committed to helping you understand the various costs associated

More information

Questions and Answers PCI Compliance (Updated May 23, 2014)

Questions and Answers PCI Compliance (Updated May 23, 2014) Questions and Answers PCI Compliance (Updated ) The Alberta government is working toward PCI compliance, an industry standard created by the credit card industry to improve cardholder data security. The

More information

E-Commerce SOLUTIONS. Generate Online Revenue with E-Commerce Solutions. www.monexgroup.com

E-Commerce SOLUTIONS. Generate Online Revenue with E-Commerce Solutions. www.monexgroup.com E-Commerce SOLUTIONS In this report, MONEXgroup examines various types of online payment processing and E-Commerce Solutions. The tremendous transition towards online shopping stores in Canada has opened

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information

PCI Compliance Just the Facts. Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001

PCI Compliance Just the Facts. Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001 PCI Compliance Just the Facts Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001 Agenda Regulatory Landscape Scary Bedtime Stories What went wrong? PCI Compliance Process o What

More information

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL PAYMENT CARD INDUSTRY COMPLIANCE (PCI) Effective June 1, 2011 Page 1 of 6 (1) Definitions a. Payment Card Industry Data Security Standards (PCI-DSS): A set of standards established by the Payment Card

More information

UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL

UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Credit Card Handling and Acceptance Policy Policy Number: C3875 Effective Date: November 8, 2006 Issuing Authority: Office of VP Business and

More information

Introduction to PCI DSS

Introduction to PCI DSS Month-Year Introduction to PCI DSS March 2015 Agenda PCI DSS History What is PCI DSS? / PCI DSS Requirements What is Cardholder Data? What does PCI DSS apply to? Payment Ecosystem How is PCI DSS Enforced?

More information

CREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011

CREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011 CREDIT CARD MERCHANT PROCEDURES MANUAL Effective Date: 5/25/2011 Updated: May 25, 2011 TABLE OF CONTENTS Introduction... 1 Third-Party Vendors... 1 Merchant Account Set-up... 2 Personnel Requirements...

More information

Insurance-Specific Payment Services Requires Insurance Industry Knowledge

Insurance-Specific Payment Services Requires Insurance Industry Knowledge Insurance-Specific Payment Services Requires Insurance Industry Knowledge by Primoris Services Overview Every business has to accept payments in order to collect funds and operate. There are multiple ways

More information

Thoughts on PCI DSS 3.0. D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director

Thoughts on PCI DSS 3.0. D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director Thoughts on PCI DSS 3.0 D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director Agenda 1 2 3 Global Payment Card Statistics and Trends PCI DSS Overview PCI DSS Version 3.0: Important Timelines

More information

University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009

University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009 University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009 Effective Date of this Policy: August 1, 2008 Last Revision: September 1, 2009 Contact for More Information: UDit Internal Auditor

More information

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions PCI/PA-DSS FAQs Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions What is PCI DSS? The Payment Card Industry Data

More information

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE CHEAT SHEET: PCI DSS 3.1 COMPLIANCE WHAT IS PCI DSS? Payment Card Industry Data Security Standard Information security standard for organizations that handle data for debit, credit, prepaid, e-purse, ATM,

More information

University Policy Accepting Credit Cards to Conduct University Business

University Policy Accepting Credit Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance

More information

Achieving Compliance with the PCI Data Security Standard

Achieving Compliance with the PCI Data Security Standard Achieving Compliance with the PCI Data Security Standard June 2006 By Alex Woda, MBA, CISA, QDSP, QPASP This article describes the history of the Payment Card Industry (PCI) data security standards (DSS),

More information

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319

More information

Merchant Services Tool Kit TEXPO 2013

Merchant Services Tool Kit TEXPO 2013 Merchant Services Tool Kit TEXPO 2013 Surcharges Visa Information Website Site Preview and PDF s: www.visa.com/merchantsurcharging Materials Notification of Intent to Surcharge Merchants who choose to

More information

Identifying Security. Payment System. Federal Reserve Bank. Ellen Richey Chief Enterprise Risk Officer Visa Inc. Visa Public

Identifying Security. Payment System. Federal Reserve Bank. Ellen Richey Chief Enterprise Risk Officer Visa Inc. Visa Public Identifying Security Issues in the Retail Payment System Federal Reserve Bank Chicago Ellen Richey Chief Enterprise Risk Officer Visa Inc. June 5, 2008 Agenda 1. The Data Security Landscape 2. Recent Trends

More information

Preface. Author s Biography

Preface. Author s Biography Table of Contents Preface... 3 Author s Biography... 3 Executive Summary... 4 The Payment Card Industry Data Security Standard... 4 Applicability of the PCI DSS... 5 Compliance vs. Validation... 5 Defining

More information

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008 Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities

More information

Saint Louis University Merchant Card Processing Policy & Procedures

Saint Louis University Merchant Card Processing Policy & Procedures Saint Louis University Merchant Card Processing Policy & Procedures Overview: Policies and procedures for processing credit card transactions and properly storing credit card data physically and electronically.

More information

It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.

It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council. PCI FAQ And MYTHS FREQUENTLY ASKED QUESTIONS (FAQ): Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process,

More information

Table of Contents. 2 TouchSuite Welcome Kit

Table of Contents. 2 TouchSuite Welcome Kit Welcome Kit Table of Contents Important Account Information... Welcome to TouchSuite Merchant Services... Help Desk Card Enclosed... Your Merchant ID (MID)... 3 3 3 3 Customer Support Numbers... 4 Card

More information

Understanding Payment Card Industry (PCI) Data Security

Understanding Payment Card Industry (PCI) Data Security Understanding Payment Card Industry (PCI) Data Security Office of the State Controller November 2010 State of North Carolina The Enemy Major Security Breaches TJ-Max Heartland Hannaford Foods BJ s Wholesale

More information

Dates VISA MasterCard Discover American Express. support EMV. International ATM liability shift 2

Dates VISA MasterCard Discover American Express. support EMV. International ATM liability shift 2 Network Updates Summer 2013 We are committed to working closely with you on achieving your business goals. As a part of this commitment, we carefully monitor Network changes and summarize them for your

More information

EMV Delivery of Mobile, Parking and Unattended Payments. Elavon

EMV Delivery of Mobile, Parking and Unattended Payments. Elavon EMV Delivery of Mobile, Parking and Unattended Payments Elavon Elavon-At-A-Glance Elavon s primary business model is growth through partnerships; more than 1,500 Financial Institution partners serving

More information

2.1.2 CARDHOLDER DATA SECURITY

2.1.2 CARDHOLDER DATA SECURITY University of Oxford Finance Division FINANCIAL POLICY 2.1.2 CARDHOLDER DATA SECURITY Date: 21 March 2013 Version: 2.1.2 Status: Approved Author: Simon Blee Bridget Midwinter TABLE OF CONTENTS Page EXECUTIVE

More information

PCI-PA-DSS. Solution Kit

PCI-PA-DSS. Solution Kit PCI-PA-DSS Solution Kit Table of Contents Introduction Why a PCI-PA-DSS Solution Kit? PCI Standards Defined PCI DSS PA-DSS PTS Move The Button Getting Started Game Board The Winning Strategy TouchNet U.Commerce

More information

Clark Brands Payment Methods Manual. First Data Locations

Clark Brands Payment Methods Manual. First Data Locations Clark Brands Payment Methods Manual First Data Locations Table of Contents Introduction... 3 Valid Card Types... 3 Authorization Numbers, Merchant ID Numbers and Request for Copy Fax Numbers... 4 Other

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Payment Card Industry Data Security Standard Abhinav Goyal, B.E.(Computer Science) MBA Finance Final Trimester Welingkar Institute of Management ISACA Bangalore chapter 13 th February 2010 Credit Card

More information

International Merchant Application Form

International Merchant Application Form COMPANY DETAILS International Merchant Application Form Page 1 of 7 Company Name: DBA (If Applicable) : Registration Number : Country of Registration: VAT/ Tax ID / File Number: Street Address : City /

More information

Payment Card Industry Data Security Standards.

Payment Card Industry Data Security Standards. Payment Card Industry Data Security Standards. Your guide to protecting cardholder data Helping you manage the risk. Credit Card fraud and data compromises are an increasingly serious problem, costing

More information

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards Discussion Objectives Agenda Introduction PCI Overview and History The Protiviti Difference Questions and Discussion 2 2014 Protiviti Inc. CONFIDENTIAL: This

More information

PAI Secure Program Guide

PAI Secure Program Guide PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you

More information

Optimizing the Payment Process in SAP

Optimizing the Payment Process in SAP Optimizing the Payment Process in SAP As a company, your goal is to serve your customers effectively, efficiently generating sales and collecting revenue. The nature of the sale and payment can take many

More information

Net Report s PCI DSS Version 1.1 Compliance Suite

Net Report s PCI DSS Version 1.1 Compliance Suite Net Report s PCI DSS Version 1.1 Compliance Suite Real Security Log Management! July 2007 1 Executive Summary The strict requirements of the Payment Card Industry (PCI) Data Security Standard (DSS) are

More information

TruRewards Terms and Conditions

TruRewards Terms and Conditions TruRewards Terms and Conditions TruRewards ("Program") is a promotional incentive program offered by Banner Bank ("Issuer," "we," and "us") residents of the United States. Under the Program, you will earn

More information

VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS)

VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS) VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS) Q1: What is the purpose of the AIS programme? Q2: What exactly is the Payment Card Industry (PCI) Data Security

More information

Five PCI Security Deficiencies of Restaurants

Five PCI Security Deficiencies of Restaurants Whitepaper The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus- Senior Security Architect, Vendor Safe 2011 7324 Southwest Freeway, Suite 1700, Houston, TX 77074

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa. Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility

More information