UNIVERSITY CONTROLLER S OFFICE

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "UNIVERSITY CONTROLLER S OFFICE"

Transcription

1 UNIVERSITY CONTROLLER S OFFICE Payment Card Industry (PCI) Security Standards Training Guide (updated for 3.1 requirements) February 2016

2 Disclaimer: The information in this guide is current as of the date of publishing. However, card acceptance, processing, and chargeback procedures are subject to change due to the ever changing demands of the Payment Card Industry. This guide contains information based on the current Payment Card Industry (PCI) Security Standards Council Operating Regulations. If there are any technical differences between the PCI Operating Regulations and this guide, the PCI Operating Regulations will prevail in every instance. The PCI Operating Regulations take precedence over this guide or any updates to its information. For further information about the rules or practices covered in this guide, contact Xxx xxxxx, Associate Controller, University Controller s Office at xxx-xxx-xxxx. Upon Course Completion: When you are finished with all of the chapters in this course, don t forget to complete the Online Quiz. The Quiz will cover the information learned throughout the course, and it serves as your proof of course completion. If you do not successfully complete the Quiz with a score of 100% you will not be given credit for completing the course. If you do not score 100% on your first attempt, do not be discouraged. You will be given as many chances as you need to successfully complete the quiz. If you have any questions or concerns regarding the Quiz or any other element of this course, contact Xxx xxxxx, Associate Controller at xxx-xxx-xxxx. Notice: Throughout this course, the term USF Employee is expanded to include anyone working in a capacity for the University including: - Administration - Staff - Faculty - OPS - Students - Volunteers

3 Course Benefits Above all else, this course serves to provide you with the knowledge and skills necessary to ensure credit card security. It is important to recognize that everyone, not just the credit card companies, benefit from your effective application of credit card security measures: Your Customers Appreciate your ability to reduce the threat of identity theft Trust you to complete transactions without creating duplicate or invalid charges Enjoy peace of mind, knowing that their card is in good hands Your Employer Takes pride in a skilled workforce Values your ability to build customer confidence Needs your help in limiting potential losses, fines & penalties...and You! Show confidence in your ability to safely and efficiently do your job Know that you can make informed decisions under pressure Can recognize key security features on valid cards Are alert to the warning signs of fraud Course Complete You have now completed the reading portion of the PCI Security Program. However, in order to receive credit for this course, you must complete the Quiz. The Quiz will cover the information you have just learned, and it serves as your proof of course completion. If you do not successfully complete the Quiz with a score of 80% or better, you will not be given credit for the course. If you do not score 80% or better on your first attempt, do not be discouraged. You will be given a total of three chances to successfully complete the quiz.

4 Merchant Training Payment Card Acceptance Session 1

5 Learning Objectives There are three parts to Merchant Training. The first section will provide basic terms and definitions to better enable you to understand PCI Compliance. The second section details the Security Policy and PCI DSS Requirements that CSCC must meet to accept Credit Card payments. The final section demonstrate the appropriate way to accept payment cards in order to protect both your business and your cardholders from fraud. The sessions should take approximately 15 minutes each to complete.

6 Key Terms & Definitions Payment Cards Credit Cards, Debit Cards, or Purchasing Cards issued by a Financial Institution. Merchant Account An account, set up through the Bank, which provides the ability to process payment cards as payment for Goods and Services rendered by the Account Holder (CSCC). Card Present Transactions Transactions in which the Cardholder presents the actual card to the Merchant or processing. Usually swiped into a terminal or register. A signature is obtained.

7 Card Not-Present Transactions Transactions in which the cardholder gives his credit card information to the Merchant over the phone or sends their card information in the mail on a designated form. A form may include a signature. Generally, a signature is not obtained in this type of transaction. E-Commerce The ability to process payment cards as payment for Goods or Services, through a Merchant account using the internet. The cardholder initiates the transactions from their own computers. The Merchant does not handle the cardholder data at any time during the transaction. PCI-DSS - The payment card industry (PCI) Data Security Standard (DSS) is a set of comprehensive requirements for enhancing payment card data security.

8 Cardholder Data = Primary Account Number (PAN). Cardholder Name when associated with the PAN. The service code when associated with the PAN. Expiration Date when associated with the PAN. Sensitive Authentication Data = Full Magnetic Stripe Data (Can Never be Stored). CAV2/CVC2/CVVS/CID (Can never be Stored). PIN or PIN Block (Can never be Stored).

9 Quiz 1. PCI stands for Payment Card Industry o True o False 2. DSS stands for Data Security Standards o True o False 3. Payment Cards are: o Credit Cards o Debit Cards o Purchasing Cards o Visa/ MasterCard/Discover/American Express o All of the Above

10 4. E- Commerce is: o Buying and selling on the internet. o The ability to process credit card payments on the internet. o Both A & B o None of the above. 5. Credit Card Data Fields consist of: o Primary Account Number (PAN). o Sensitive Authentication Data. o Magnetic Stripe Data. o Pin o Expiration Date. o All of the Above.

11 PCI COMPLIANCE Security Standards Session 2

12 Who Must Comply? PCI applies to all CSCC locations accepting electronic payments as legal tender. All CSCC employees having access to cardholder information, regardless of size, must comply with the PCI Data Security Standards. As stated, if you have access to credit card information as part of your job responsibilities at CSCC, you are accountable for the security of that information. Cardholder information should be disclosed only for a required business purpose. It is the employee s responsibility to safeguard the associated credit card data that is entrusted to their care.

13 Why We Must Comply? Properly securing cardholder data is the responsibility of EVERY Columbus State Employee. It only takes a few extra seconds to make a big difference. Lack of compliance to the PCI DSS, in a single area of the College, could jeopardize the College s ability to accept payment Cards (Policy 9-12) Your support and cooperation is essential to the College s compliance. 12 Payment Card Industry Security Standards Each Goal Has Detailed Requirements

14 Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. 3. Protect stored cardholder data. 4. Encrypt transmission of cardholder data across open, public networks. Never store sensitive authentication data after authorization. Your terminals have already been programmed by the bank for this purpose. Limit receipt storage amount and retention time to that which is required by business, legal, and/or regulatory purposes.

15 Follow the College s document disposal policy. Make sure all receipts & reports (Both yours and the cardholders) have truncated card numbers only the last 4 digits of the card #. Keep credit card machines out of sight and reach of customers. When applicable, keep your computer screen out of the line of sight of customers so they cannot see card numbers as you enter them. Maintain a Vulnerability Management Program 5. Use and regularly update anti-virus software or programs. 6. Develop and maintain secure systems and applications.

16 Implement Strong Access Control Measures 7. Restrict access to cardholder data by business need to know. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data. Need to Know means that access rights are granted to only the least amount of data and privileges needed to perform a job. Limit access to payment card processing equipment and cardholder data to only those individuals whose job requires such access. Each person with computer access should have their own unique ID and Password.

17 DO NOT use vender-supplied default passwords or share your password with others. Follow the College s password guidelines by using a password phrase, upper & lower case letters, numbers, and special characters. Change your passwords on a regular basis. *** DO NOT STORE YOUR PASSWORDS IN A NOTEBOOK, ON POST-IT NOTES, OR ANY OTHER ACCESSIBLE MEANS!***

18 Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. Maintain an Information Security Policy 12. Maintain a policy that addresses information security for all personnel. A strong security policy sets the tone for the whole company and informs employees (and all relevant system users) what is expected of them.

19 All system users should be made aware of the sensitivity of data and their responsibilities for protecting it. An incident response plan should be implemented. The College has Payment Card Acceptance policies and procedures, and Information security policies which may be reviewed at the end of this lesson.

20 Information Security Policy Columbus State Community College has written policies and procedures effective June 1, 2011 : Program Coordinator / Information Security Officer (ISO) Douglas Rellick

21 Quiz 1. All CSCC employees are responsible for the security of Credit Card information. o True o False 2. For Security Reasons Passwords have to be: Unique and individualized. o The vendor default. o Contain upper & lower case letters, numbers, and special characters. o All of the above. o Both A and B o Both A and C

22 3. To Protect Credit Card Data you must: o Never store sensitive authentication data after authorization. o Follow the College s document disposal policy. o Make sure all receipts & reports have truncated card numbers only the last 4 digits of the card #. o All of the above. 4. Maintain An Information Security Policy o Columbus State s PCI Compliance Policy was effective June 1, o Columbus State Policy # 9-12 is for PCI Compliance. o Columbus State PCI Compliance Policy requires annual Staff Training. o All of the above. o Please continue to part 3 Credit Cards

23 CREDIT CARDS Session 3

24 Card Present Transactions Swiping the card is the most secure method of accepting payment cards. Hold onto the card while the card is authorized and the receipt is signed. Compare signatures on the receipt and on the back of the card. Make sure the embossed name matches the signed name. If the signature panel on the card says Please See ID the card is not valid. Ask for the ID and ask the cardholder to sign the card in front of you. Check the signature and pictures. All receipts must be kept in a secure/locked location for 18 months with Need to Know access. Receipts older than 18 months must be shredded.

25 Card Not-Present Transactions Phone/Mail Order: Enter all the information you are prompted for. By doing so, you will be using security prompts to make sure the person using the card is the cardholder. It is best to keep the customer on the phone while you run the transaction. If that is not possible, you should get the customer s phone number in case the card is declined. Shred any paper that has card information on it especially the CVV/CVV2 code and full card number. If you must keep the full card number, make sure it is stored in a secured, locked location with receipts, with Need to Know access. Never keep the CVV/CVV2 code! (The CVV code is the 3 digit security code on the signature panel).

26 Refunds Refunds must be issued to the same card used in the original transaction. Refunds must be issued using the same mode of processing that was used for the original transaction. The refund amount may only be up to the amount of the original transaction. All refunds should be dual controlled, or in other words, approved by a supervisor.

27 Parts of a Credit Card Visa, MasterCard, Discover

28 NEW EMV Technology

29 Avoiding Fraud Be Vigilant! Taking the few extra seconds to match signatures and look at the card you are accepting can save you time and money later. If the imprinted name on the card does not match the signature on the back of the card or the signed receipt, do not accept the card. DO NOT CALL THE PHONE # ON THE BACK OF THE CARD FOR AUTHORIZATION. An authorization is only valid if it is obtained through the merchant services help desk or your payment processing device. Train all staff that handle payment cards on Acceptance Best Practices and your department procedures. Repeat training often. It s easy for us to forget, or get lazy.

30 Incident Response Plan Despite our best efforts, it is possible for our payment card systems to be breached or compromised. Watch for Multiple completed transactions or multiple attempts to complete transactions by the SAME Cardholder. Cardholders asking for refunds to be posted to a different payment card. Your day to day card swiping equipment looks different than usual, and cannot be confirmed as replacement equipment from your verified vendor. Cardholder documents displaying card numbers, such as faxes, event registration, are not stored securely or disposed of correctly

31 If you suspect a Data Breach Contact your supervisor immediately. Supervisor will contact the Information Security Officer and Cashier and Student Accounting Office IMMEDIATELY. DO NOT disable or turn off your system, unless directed to do so by ISO. Your Department will be restored with the ability to accept payment cards as soon as possible

32 Contact Information College Information Security Web Page: l Douglas Rellick (614) Program Coordinator / Information Security Officer (IT Support Services)

33 Quiz 1. Important steps when handling a credit card: o Hold card while it is authorized and receipt signed. o Compare signature on receipt to back of credit card. o Swiping the card is the most secure method. o All of the above. o Only A & B 2. What type of transactions would be considered Card Not Present o Phone Payments o Web Payments o Mail Payments o All of the above

34 3. What are important items on the front of a Credit Card? o Expiration Date o Compare the embossed number to the printed number. o Hologram o Three Digit Security Code. o All of the Above. o A, B & C Only 4. What are the key ways to avoid Fraud? o Staff Training on security procedures. o Comparing names and signatures of cards and receipts. o Do not call for authorizations, only valid if received thru system process. o All of the above.

35 Glossary Note: All definitions listed in this section are also available in the Course Glossary. Account number The 16-digit account number that appears in print on the front of all valid credit cards. The number is one of the card security features that should be checked by merchants to ensure that a Card-Present transaction is valid. Address Verification Service (AVS) AVS allows USF Merchants that accept card-not-present transactions to compare the billing address (the address to which the card issuer sends its monthly statement for that account) given by a customer with the billing address on the card issuer s master file before shipping an order. AVS helps merchants minimize the risk of accepting fraudulent transactions in a card-notpresent environment by indicating the result of the address comparison. Authorization The process by which a card issuer approves or declines a credit card purchase. Authorization occurs automatically when you swipe the magnetic stripe of a payment card through a card reader. See also: Voice Authorization Center. Call or Call Center response A response to a merchant s authorization request indicating that the card issuer needs more information about the card or cardholder before a transaction can be approved; also called a referral response.

36 Card acceptance procedures The procedures USF Merchants and Employees must follow at the point of sale to ensure a card and cardholder are valid. Card expiration date See Good Thru date. Cardholder The person to whom a credit card is issued. Card-Not-Present A merchant, market, or sales environment in which transactions are completed without a valid credit card or cardholder being present. Card-not-present is used to refer to mail order, telephone order, and Internet merchants and sales environments. Card-Present A merchant, market or sales environment in which transactions can be completed only if both a valid credit card and cardholder are present. Card-Present transactions include traditional retail department and grocery stores, electronics stores, boutiques, etc. cash disbursements, and self-service situations, such as gas stations and grocery stores, where cardholders use unattended payment devices. Card security features The alphanumeric, pictorial, and other design elements that appear on the front and back of all valid credit card and debit cards. Card-Present merchants must check these features when processing a transaction at the point of sale to ensure that a card is valid.

37 Card Verification Value 2 (CVV2) A fraud prevention system used in card-not-present transactions to ensure that the card is valid. The CVV2 is the three-digit value that is printed on the back of credit cards. Card-not-present merchants ask the customer for the CVV2 and submit it as part of their authorization request. For information security purposes, merchants are prohibited from storing CVV2 data. Cardholder Information Security Program (CISP) A program that establishes data security standards, procedures, and tools for all entities merchants, service providers, issuers, and merchant banks that store cardholder account information. CISP compliance is mandatory. Chargeback A transaction that is returned as a financial liability to a merchant bank by a card issuer, usually because of a disputed transaction. The merchant bank may then return or charge back the transaction to the merchant. Code 10 call A call made to the merchant s voice authorization center when the appearance of a card or the actions of a cardholder suggest the possibility of fraud. The term Code 10 is used so calls can be made without arousing suspicion while the cardholder is present. Specially trained operators then provide assistance to point-of-sale staff on how to handle the transaction. Copy request A request by a card issuer to a merchant bank for a copy or facsimile of a sales receipt for a disputed transaction. Depending on where sales receipts are stored, the merchant bank either fulfills the copy request itself or forwards it to the merchant for fulfillment. A copy request is also known as a retrieval request.

38 Credit receipt A receipt that documents a refund or price adjustment a merchant has made or is making to a cardholder s account; also called credit voucher. Disclosure Merchants are required to inform cardholders about their policies for merchandise returns, service cancellations, and refunds. How this information is conveyed, or disclosed, varies for Card-Present and Card-Not-Present merchants, but in general, disclosure must occur before a cardholder signs a receipt to complete the transaction. Firewall A security tool that blocks access from the Internet to files on a merchant s or third-party processor s server and is used to ensure the safety of sensitive cardholder data stored on a server. Good Thru date The date after which a bankcard is no longer valid, embossed on the front of all valid credit cards. The Good Thru date is one of the card security features that should be checked by merchants to ensure that a Card-Present transaction is valid. See also: Card expiration date. High-risk merchant A merchant that is at a high risk for chargebacks due to the nature of its business. High-risk merchants include direct marketers, travel services, outbound telemarketers, inbound teleservices, and betting establishments. Internet Protocol address A unique number that is used to represent individual computers in a network. All computers on the Internet have a unique IP address that is used to route messages to the correct destination.

39 Key-entered transaction A transaction that is manually keyed into a point-of-sale device. Magnetic stripe The magnetic stripe on the back of all credit cards is encoded with account information as specified in the Payment Card Industry Operating Regulations. The stripe is read when a card is swiped through a Point of Sale (POS) terminal. On a valid card, the account number on the magnetic stripe matches the account number on the front of the card. Magnetic-stripe reader The component of a point-of-sale device that electronically reads the information on a payment card s magnetic stripe. Mail order/telephone order (MO/TO) A merchant, market, or sales environment in which mail or telephone sales are the primary or a major source of income. Such transactions are frequently charged to customers bankcard accounts. See also: Card-not-present. Merchant agreement The contract between a merchant and a merchant bank under which the merchant participates in a credit card company s payment system, accepts credit cards for payment of goods and services, and agrees to abide by certain rules governing the acceptance and processing of credit card transactions. Merchant agreements may stipulate merchant liability with regard to chargebacks and may specify time frames within which merchants are to deposit transactions and respond to requests for information. Merchant bank A financial institution that enters into agreements with merchants to accept credit cards as payment for goods and services; also called acquirers or acquiring banks.

40 Merchant Chargeback Monitoring Program (MCMP) A program that alerts merchant banks when one of their merchants has a chargeback-totransaction rate of over one percent. Merchants then work with the bank to reduce their chargeback rates to acceptable levels. Failure to reduce chargebacks can result in fines for a merchant. Payment gateway A system that provides services to Internet merchants for the authorization and clearing of online credit card transactions. Pick-up response This response indicates that the card issuer would like the card to be confiscated from the customer. However, USF Employees should not attempt to pick up credit cards, even when the card issuer requests this action, as this could potentially cause confrontation and safety issues. Point-of-sale terminal (POS terminal) The electronic device used for authorizing and processing bankcard transactions at the point of sale. Printed number A four-digit number that is printed below the first four digits of the printed or embossed account number on valid credit cards. The four-digit printed number should be the same as the first four digits of the account number above it. The printed four-digit number is one of the card security features that merchants should check to ensure that a Card-Present transaction is valid.

41 Representment A chargeback that is rejected and returned to a card issuer by a merchant bank on the merchant s behalf. A chargeback may be re-presented, or redeposited, if the merchant or merchant bank can remedy the problem that led to the chargeback. To be valid, a representment must be in accordance with Payment Card Industry Operating Regulations. Sales receipt The paper or electronic record of a bankcard transaction that a merchant submits to a merchant bank for processing and payment. In most cases, paper drafts are now generated by a merchant s POS terminal. When a merchant fills out a draft manually, it must include an imprint of the front of the card. Skimming The replication of account information encoded on the magnetic stripe of a valid card and its subsequent use for fraudulent transactions in which a valid authorization occurs. The account information is captured from a valid card and then re-encoded on a counterfeit card. The term skimming is also used to refer to any situation in which electronically transmitted or stored account data is replicated and then re-encoded on counterfeit cards or used in some other way for fraudulent transactions. Split tender The use of two forms of payment, or legal tender, for a single purchase. For example, when buying a big-ticket item, a cardholder might pay half by cash or check and then put the other half on his or her credit card. Individual merchants may set their own policies about whether or not to accept split-tender transactions. Third-party processor A non-member organization that performs transaction authorization and processing, account record keeping, and other day-to-day business and administrative functions for issuers and merchant banks.

42 Transaction The act between a cardholder and merchant that results in the sale of goods or services. Unsigned card A seemingly valid credit card that has not been duly signed by the legitimate cardholder. Merchants cannot accept an unsigned card until the cardholder has signed it, and the signature has been checked against a valid, government-issued Photo ID, such as a driver s license or passport. Voice authorization An authorization obtained by telephoning a voice authorization center. Voice authorization center An operator-staffed center that handles telephone authorization requests from merchants who do not have electronic POS terminals or whose electronic terminals are temporarily not working, or for transactions where special assistance is required. Voice authorization centers also handle manual authorization requests and Code 10 calls.

Glossary. Account number

Glossary. Account number Glossary Note: All definitions listed in this section are also available in the Course Glossary. You can access the course Glossary online by clicking the Glossary link in the Materials section of the

More information

General Industry terms

General Industry terms General Industry terms Address Verification: A service provided through which the merchant verifies the Cardholder s address. Primarily used by Mail/Telephone order merchants. Not a guarantee that a transaction

More information

Credit Card Processing Glossary

Credit Card Processing Glossary Address Verification: A service provided through which the merchant verifies the Cardholder s address. Primarily used by Mail/Telephone order merchants. Not a guarantee that a transaction is valid. Agreement:

More information

Information Technology

Information Technology Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing

More information

Credit/Debit Card Processing Requirements and Best Practices. Adele Honeyman Oregon State Treasury Training Specialist

Credit/Debit Card Processing Requirements and Best Practices. Adele Honeyman Oregon State Treasury Training Specialist Credit/Debit Card Processing Requirements and Best Practices Adele Honeyman Oregon State Treasury Training Specialist 1 What? What do I need to know about excepting credit cards? Who s involved, how it

More information

New Account Reference Guide

New Account Reference Guide New Account Reference Guide Welcome to BBVA Compass Merchant Services Thank you for choosing BBVA Compass as your Merchant Services provider. BBVA Compass is dedicated to providing your business with the

More information

Department PCI Self-Assessment Questionnaire Version 1.1

Department PCI Self-Assessment Questionnaire Version 1.1 Department PCI Self-Assessment Questionnaire Version 1.1 2009 Attestation of Compliance Instructions for Submission This Department PCI Self-Assessment Questionnaire has been developed as an assessment

More information

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder

More information

Accepting Payment Cards and ecommerce Payments

Accepting Payment Cards and ecommerce Payments Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont

More information

Standards for Business Processes, Paper and Electronic Processing

Standards for Business Processes, Paper and Electronic Processing Payment Card Acceptance Information and Procedure Guide (for publication on the Treasury Webpages) A companion guide to University policy 6120, Payment Card Acceptance Standards for Business Processes,

More information

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS: Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal

More information

Dartmouth College Merchant Credit Card Policy for Processors

Dartmouth College Merchant Credit Card Policy for Processors Mission Statement Dartmouth College Merchant Credit Card Policy for Processors Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance with the

More information

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows: What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers

More information

Merchant Guide to the Visa Address Verification Service

Merchant Guide to the Visa Address Verification Service Merchant Guide to the Visa Address Verification Service Merchant Guide to the Visa Address Verification Service TABLE OF CONTENTS Table of Contents Merchant Guide to the Visa Address Verification Service

More information

Card Acceptance Best Practices Playing it Safe at the Point of Sale

Card Acceptance Best Practices Playing it Safe at the Point of Sale White Paper Card Acceptance Best Practices Playing it Safe at the Point of Sale Fraudulent activity costs U.S. businesses billions. And that is just lost revenue. When you consider the associated damage

More information

Credit Card Handling Security Standards

Credit Card Handling Security Standards Credit Card Handling Security Standards Overview This document is intended to provide guidance to merchants (colleges, departments, auxiliary organizations or individuals) regarding the processing of charges

More information

Payment Cardholder Data Handling Procedures (required to accept any credit card payments)

Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Introduction: The Procedures that follow will allow the University to be in compliance with the Payment Card Industry

More information

INFORMATION SECURITY POLICY. Policy for Credit Card Acceptance to Conduct College Business

INFORMATION SECURITY POLICY. Policy for Credit Card Acceptance to Conduct College Business DELAWARE COLLEGE OF ART AND DESIGN 600 N MARKET ST WILMINGTON DELAWARE 19801 302.622.8000 INFORMATION SECURITY POLICY including Policy for Credit Card Acceptance to Conduct College Business stuff\policies\security_information_policy_with_credit_card_acceptance.doc

More information

Table of Contents. 2 TouchSuite Welcome Kit

Table of Contents. 2 TouchSuite Welcome Kit Welcome Kit Table of Contents Important Account Information... Welcome to TouchSuite Merchant Services... Help Desk Card Enclosed... Your Merchant ID (MID)... 3 3 3 3 Customer Support Numbers... 4 Card

More information

EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES

EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES This document describes Eastern Oklahoma State College s policy and procedures for the proper

More information

Getting Started. Quick Reference Guide for Payment Processing

Getting Started. Quick Reference Guide for Payment Processing Getting Started Quick Reference Guide for Payment Processing In today s competitive landscape, you have many choices when it comes to selecting your payments provider, and we appreciate your business.

More information

Version 15.3 (October 2009)

Version 15.3 (October 2009) Copyright 2008-2010 Software Technology, Inc. 1621 Cushman Drive Lincoln, NE 68512 (402) 423-1440 www.tabs3.com Portions copyright Microsoft Corporation Tabs3, PracticeMaster, and the pinwheel symbol (

More information

Ti ps. Merchant. for Credit Card Transactions. Processing Tips CARD ONE INTERNATIONAL INC

Ti ps. Merchant. for Credit Card Transactions. Processing Tips CARD ONE INTERNATIONAL INC Merchant Processing Tips Ti ps for Credit Card Transactions CARD ONE INTERNATIONAL INC Card One International Inc - Merchant Processing Tips for Card Transactions Page 1 of 11 Merchant Processing Tips

More information

CREDIT CARD PROCESSING POLICY AND PROCEDURES

CREDIT CARD PROCESSING POLICY AND PROCEDURES CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.

More information

Merchant Account Glossary of Terms

Merchant Account Glossary of Terms Merchant Account Glossary of Terms From offshore merchant accounts to the truth behind free merchant accounts, get answers to some of the most common and frequently asked questions. If you cannot find

More information

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Mission Statement Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance

More information

Cash & Banking Procedures

Cash & Banking Procedures Financial Policies and Procedures Cash & Banking Procedures 1 P a g e Contents 1. Banking Procedures 1.1 Receipt of cash and cheques within a department 1.2 Storage/security of cash and cheques within

More information

2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)

2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS) CSU, Chico Credit Card Handling Security Standard Effective Date: July 28, 2015 1.0 INTRODUCTION This standard provides guidance to ensure that credit card acceptance and ecommerce processes comply with

More information

FAU Payment Card Industry (PCI) Training

FAU Payment Card Industry (PCI) Training FAU Payment Card Industry (PCI) Training Welcome to the FAU PCI training website! You will find all the information you need on this site to become PCI certified for FAU. PCI Certification is required

More information

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures 1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities

More information

Finance & Accounting and Merchant Services

Finance & Accounting and Merchant Services Finance & Accounting and Merchant Services Cardholder Information Security Program (CISP) Training Guide Disclaimer: The information in this guide is current as of the date of publishing. However, card

More information

Acceptance to Minimize Fraud

Acceptance to Minimize Fraud Best Practices for Credit Card Acceptance to Minimize Fraud By implementing best practices in credit card processing, you decrease the likelihood of fraudulent transactions and chargebacks. In general,

More information

Eagle POS Procedure Guide For Epicor Bankcard Processing

Eagle POS Procedure Guide For Epicor Bankcard Processing Eagle POS Procedure Guide For Epicor Bankcard Processing Table of Contents Introduction... 3 1 Transactions using a Swiped Bankcard... 3 Basic Swiped Credit Card Sale & Return transaction... 3 Sales &

More information

POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants

POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101 DIVISION: Finance & Administration TITLE: Policy & Procedures for Credit Card Merchants DATE: October 24, 2011 Authorized by: K. Ann Mead, VP for Finance & Administration

More information

McGill Merchant Manual

McGill Merchant Manual McGill Merchant Manual The McGill Merchant Manual is a complementary document to the Merchant (PCI) Policy and Procedures and serves to aid Merchants in ensuring their operations comply with Payment Card

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards PCI DSS Rhonda Chorney Manager, Revenue Capital & General Accounting Today s Agenda 1. What is PCI DSS? 2. Where are we today? 3. Why is compliance so important?

More information

This policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format.

This policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format. Policy Number: 339 Policy Title: Credit Card Processing Policy, Procedure, & Standards Review Date: 07-23-15 Approval Date: 07-27-15 POLICY: All individuals involved in handling credit and debit card transactions

More information

PROTECT YOUR BUSINESS FROM LOSSES WHILE ACCEPTING CREDIT CARDS

PROTECT YOUR BUSINESS FROM LOSSES WHILE ACCEPTING CREDIT CARDS PROTECT YOUR BUSINESS FROM LOSSES WHILE ACCEPTING CREDIT CARDS TABLE OF CONTENTS Introduction...1 Preventing Fraud in a Card-Present Environment...2 How to Reduce Chargebacks in a Card-Present Environment...4

More information

Avoiding Fraud. Learn to recognize the warning signs for fraud and follow these card acceptance guidelines to reduce your risk.

Avoiding Fraud. Learn to recognize the warning signs for fraud and follow these card acceptance guidelines to reduce your risk. Avoiding Fraud Learn to recognize the warning signs for fraud and follow these card acceptance guidelines to reduce your risk. Intoduction Fraud comes in many forms and hurts merchants of all sizes. Whether

More information

Merchant Card Processing Best Practices

Merchant Card Processing Best Practices Merchant Card Processing Best Practices Background: The major credit card companies (VISA, MasterCard, Discover, and American Express) have published a uniform set of data security standards that ALL merchants

More information

Powering e-commerce Globally. What Can I Do to Minimize E-Commerce Chargebacks?

Powering e-commerce Globally. What Can I Do to Minimize E-Commerce Chargebacks? Powering e-commerce Globally What Can I Do to Minimize E-Commerce Chargebacks? Chargebacks are not going away. And now there are new rules. Selling products and services online and using credit cards for

More information

CREDIT CARD NUMBER HANDLING PROCEDURES POLICY. 2014 October

CREDIT CARD NUMBER HANDLING PROCEDURES POLICY. 2014 October CREDIT CARD NUMBER HANDLING PROCEDURES POLICY 2014 October Royal Roads University Page 1 of 6 21 October 2014 Table of Contents Policy Statement... 3 Rationale... 3 Applicability of the Policy... 3 Definitions...

More information

Saint Louis University Merchant Card Processing Policy & Procedures

Saint Louis University Merchant Card Processing Policy & Procedures Saint Louis University Merchant Card Processing Policy & Procedures Overview: Policies and procedures for processing credit card transactions and properly storing credit card data physically and electronically.

More information

CREDIT CARD PROCESSING GLOSSARY OF TERMS

CREDIT CARD PROCESSING GLOSSARY OF TERMS CREDIT CARD PROCESSING GLOSSARY OF TERMS 3DES A highly secure encryption system that encrypts data 3 times, using 3 64-bit keys, for an overall encryption key length of 192 bits. Also called triple DES.

More information

UNL PAYMENT CARD POLICY AND PROCEDURES. Table of Contents

UNL PAYMENT CARD POLICY AND PROCEDURES. Table of Contents UNL PAYMENT CARD POLICY AND PROCEDURES Table of Contents Payment Card Merchant Security Standards Policy and Procedures... 2 Introduction... 4 Payment Card Industry Data Security Standard... 4 Definitions...

More information

TERMINAL CONTROL MEASURES

TERMINAL CONTROL MEASURES UCR Cashiering & Payment Card Services TERMINAL CONTROL MEASURES Instructions: Upon completion, please sign and return to cashandmerchant@ucr.edu when requesting a stand-alone dial up terminal. The University

More information

How To Spot & Prevent Fraudulent Credit Card Activity

How To Spot & Prevent Fraudulent Credit Card Activity Datalink Bankcard Services How To Spot & Prevent Fraudulent Credit Card Activity White Paper 2013 According to statistics from the U.S. Department of Justice and the Consumer Sentinel Network, credit card

More information

WASHINGTON STATE UNIVERSITY MERCHANT ACCOUNT AGREEMENT FOR UNIVERSITY DEPARTMENTS

WASHINGTON STATE UNIVERSITY MERCHANT ACCOUNT AGREEMENT FOR UNIVERSITY DEPARTMENTS WASHINGTON STATE UNIVERSITY MERCHANT ACCOUNT AGREEMENT FOR UNIVERSITY DEPARTMENTS I. Introduction, Background and Purpose This Merchant Account Agreement (the Merchant Agreement or Agreement ) is entered

More information

PCI Policies 2011. Appalachian State University

PCI Policies 2011. Appalachian State University PCI Policies 2011 Appalachian State University Table of Contents Section 1: State and Contractual Requirements Governing Campus Credit Cards A. Cash Collection Point Approval for Departments B. State Requirements

More information

ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS

ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS UNIVERSITY OF NORTH DAKOTA FINANCE & OPERATIONS POLICY LIBRARY ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS Policy 2.3, Accepting Credit Cards and Electronic Checks to Conduct

More information

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY Page 1 of 6 Summary The Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements for enhancing payment account

More information

CREDIT CARD POLICY DRAFT

CREDIT CARD POLICY DRAFT APPROVED BY Ronald J. Paprocki I. Policy Statement Any office of the University that processes credit card transactions may do so only in the manner approved by the University Treasury Office and in compliance

More information

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL PAYMENT CARD INDUSTRY COMPLIANCE (PCI) Effective June 1, 2011 Page 1 of 6 (1) Definitions a. Payment Card Industry Data Security Standards (PCI-DSS): A set of standards established by the Payment Card

More information

6-8065 Payment Card Industry Compliance

6-8065 Payment Card Industry Compliance 0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card

More information

Clark Brands Payment Methods Manual. First Data Locations

Clark Brands Payment Methods Manual. First Data Locations Clark Brands Payment Methods Manual First Data Locations Table of Contents Introduction... 3 Valid Card Types... 3 Authorization Numbers, Merchant ID Numbers and Request for Copy Fax Numbers... 4 Other

More information

University Policy Accepting and Handling Payment Cards to Conduct University Business

University Policy Accepting and Handling Payment Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy

More information

POLICY SECTION 509: Electronic Financial Transaction Procedures

POLICY SECTION 509: Electronic Financial Transaction Procedures Page 1 POLICY SECTION 509: Electronic Financial Transaction Procedures Source: NDSU President NDSU VP for Finance and Administration NDSU VP for Information Technology A. Purpose / Rationale Many NDSU

More information

Policies and Procedures. Merchant Card Services Office of Treasury Operations

Policies and Procedures. Merchant Card Services Office of Treasury Operations Policies and Procedures Merchant Card Services Office of Treasury Operations 1 Welcome! Table of Contents: Introduction Establishing Payment Card Services Payment Card Acceptance Procedures Payment Card

More information

Merchant Solutions. Protecting your business from card fraud

Merchant Solutions. Protecting your business from card fraud Merchant Solutions Protecting your business from card fraud Fraudsters use a variety of methods to trick unsuspecting merchants. It is crucial that you understand how fraud can impact your business and

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced For use with

More information

Card Acceptance Guide

Card Acceptance Guide Card Acceptance Guide Your Guide to Debit and Credit Acceptance and Processing www.monerisusa.comw w m Important Information Your merchant account representative Merchant Help Desk Telephone authorization

More information

A8.700 TREASURY. This directive applies to all campuses of the University of Hawai i.

A8.700 TREASURY. This directive applies to all campuses of the University of Hawai i. Prepared by Treasury Office. This amends A8.710 dated July 2001. A8.710 April 2005 A8.700 TREASURY P 1 of 5 A8.710 Credit Card Program 1. Purpose To provide uniform procedures for the processing of credit

More information

POLICY NAME : MERCHANT (PCI) POLICY AND PROCEDURES ACCEPTING CREDIT/DEBIT CARD PAYMENTS

POLICY NAME : MERCHANT (PCI) POLICY AND PROCEDURES ACCEPTING CREDIT/DEBIT CARD PAYMENTS Publication Date 2009-08-11 Issued by: Financial Services Chief Information Officer Revision V 1.0 POLICY NAME : MERCHANT (PCI) POLICY AND PROCEDURES ACCEPTING CREDIT/DEBIT CARD PAYMENTS Overview: There

More information

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration

More information

4/13/2016. Cash Handling & Deposits Informational Session Presented by Wendall Ho. Contact Information. Staff. Financial Management Office

4/13/2016. Cash Handling & Deposits Informational Session Presented by Wendall Ho. Contact Information. Staff. Financial Management Office Financial Management Office Cash Handling & Deposits Informational Session Presented by Wendall Ho Contact Information Treasury Office 2444 Dole St., Bachman Annex 13 Honolulu, HI 96822 Phone: 956 8527,

More information

Appendix 1 Payment Card Industry Data Security Standards Program

Appendix 1 Payment Card Industry Data Security Standards Program Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect

More information

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00 PCI PA - DSS Point XSA Implementation Guide Atos Worldline Banksys XENTA SA Version 1.00 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page number 2 (16)

More information

WISCONSIN ACCOUNTING MANUAL Department of Administration State Controller s Office

WISCONSIN ACCOUNTING MANUAL Department of Administration State Controller s Office BACKGROUND State of Wisconsin agencies accepted more than 6 million credit/debit card payments annually through the following payment channels: Point of Sale (State agency location) Point of Sale (Retail-agent

More information

Retrieval & Chargeback Best Practices

Retrieval & Chargeback Best Practices Retrieval & Chargeback Best Practices A Merchant User s Guide to Help Manage Disputes Version Three November, 2010 www.firstdata.com THIS PAGE INTENTIONALLY LEFT BLANK. Developed by: First Data Payment

More information

Failure to follow the following procedures may subject the state to significant losses, including:

Failure to follow the following procedures may subject the state to significant losses, including: SUBJECT: Policy and Procedures PAGE: 1 of 5 INTRODUCTION During fiscal year 2014, State of Wisconsin agencies accepted approximately 6 million credit/debit card payments through the following payment channels:

More information

The Comprehensive, Yet Concise Guide to Credit Card Processing

The Comprehensive, Yet Concise Guide to Credit Card Processing The Comprehensive, Yet Concise Guide to Credit Card Processing Written by David Rodwell CreditCardProcessing.net Terms of Use This ebook was created to provide educational information regarding payment

More information

Fraud Protection, You and Your Bank

Fraud Protection, You and Your Bank Fraud Protection, You and Your Bank Maximize your chances to minimize your losses Presentation for Missouri GFOA April 2011 By: Terry Endres, VP, Government Treasury Solutions Phone: 314-466-6774 Terry.m.endres@baml.com

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed

More information

Viterbo University Credit Card Processing & Data Security Procedures and Policy

Viterbo University Credit Card Processing & Data Security Procedures and Policy The requirements for PCI-DSS compliance are quite numerous and at times extremely complicated due to their interdependent nature and scope. The University has deemed it necessary for those areas currently

More information

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft

More information

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0 Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire C-VT Version 2.0 October 2010 Attestation of Compliance, SAQ C-VT Instructions for Submission

More information

BWA Merchant Services. Credit Card Fraud Protection User Guide

BWA Merchant Services. Credit Card Fraud Protection User Guide 1 BWA Merchant Services Credit Card Fraud Protection User Guide 2 Contents: 1. How to reduce the risk of card present fraud... 3 2. How to reduce the risk of card not present fraud... 5 3. Delivering the

More information

CRM4M Accounting Set Up and Miscellaneous Accounting Guide Rev. 10/17/2008 rb

CRM4M Accounting Set Up and Miscellaneous Accounting Guide Rev. 10/17/2008 rb CRM4M Accounting Set Up and Miscellaneous Accounting Guide Rev. 10/17/2008 rb Topic Page Chart of Accounts 3 Creating a Batch Manually 8 Closing a Batch Manually 11 Cancellation Fees 17 Check Refunds 19

More information

Unit 1: Credit Card Security Presentation. Unit 2: Credit Card Processing Presentation

Unit 1: Credit Card Security Presentation. Unit 2: Credit Card Processing Presentation Name: Dept: Date: Received Training Outline - Quick Reference Guide - DO NOT VOID Job Aid - Departmental Refund with Instructions - Video Notes Unit 1: Security Presentation Initial Unit 2: Presentation

More information

Ball State University Credit/Debit Card Handling Policy and Procedures

Ball State University Credit/Debit Card Handling Policy and Procedures Ball State University Credit/Debit Card Handling Policy and Procedures I. Background Ball State University accepts payments in various forms including cash, checks and electronic fund transfers. University

More information

PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data

PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data PCI Training for Retail Jamboree Staff Volunteers Securing Cardholder Data Securing Cardholder Data Introduction This PowerPoint presentation is designed to educate Retail Jamboree Staff volunteers on

More information

University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009

University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009 University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009 Effective Date of this Policy: August 1, 2008 Last Revision: September 1, 2009 Contact for More Information: UDit Internal Auditor

More information

Best Practices for Internet Merchants

Best Practices for Internet Merchants Best Practices for Internet Merchants The following best practices, taken from various experts, are offered to help you avoid being victimized by Internet fraud. Experience suggests that there are certain

More information

CARD PAYMENT POLICY May 2016

CARD PAYMENT POLICY May 2016 CARD PAYMENT POLICY May 2016 1. Introduction All businesses that handle card payment data are required to comply with industry rules aimed at increasing data security. These are set out in the Payment

More information

Volume PLANETAUTHORIZE PAYMENT GATEWAY. vtiger CRM Payment Module. User Guide

Volume PLANETAUTHORIZE PAYMENT GATEWAY. vtiger CRM Payment Module. User Guide Volume 2 PLANETAUTHORIZE PAYMENT GATEWAY vtiger CRM Payment Module User Guide S A L E M A N A G E R M E R C H A N T S E R V I C E S User Guide and Installation Procedures Information in this document,

More information

Credit Card Processing Overview

Credit Card Processing Overview CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new

More information

BUSINESS POLICY. TO: All Members of the University Community 2012:12. CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05)

BUSINESS POLICY. TO: All Members of the University Community 2012:12. CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05) BUSINESS POLICY TO: All Members of the University Community 2012:12 DATE: April 2012 CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05) Contents Section 1 Policy Statement... 2 Section

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals Electronic Cardholder

More information

Office of Finance and Treasury

Office of Finance and Treasury Office of Finance and Treasury How to Accept & Process Credit and Debit Card Transactions Procedure Related Policy Title Credit Card Processing Policy For University Merchant Locations Responsible Executive

More information

Dear Valued Merchant,

Dear Valued Merchant, Dear Valued Merchant, Welcome to Central Payment thank you for becoming our client. We are committed to providing our merchants with outstanding customer service and superior products. It is our company

More information

THE ABC S of CREDIT CARD TERMINOLGY

THE ABC S of CREDIT CARD TERMINOLGY THE ABC S of CREDIT CARD TERMINOLGY ACH Credit A transaction through the ACH network that results in money being placed in the receiver's account at the destination financial institution. Acquiring Bank

More information

Rules for Visa Merchants. Card Acceptance and Chargeback Management Guidelines

Rules for Visa Merchants. Card Acceptance and Chargeback Management Guidelines Rules for Visa Merchants Card Acceptance and Chargeback Management Guidelines Rules for Visa Merchants Card Acceptance and Chargeback Management Guidelines Table of Contents Introduction..............................................................

More information

Online Payment Processing Definitions From Credit Research Foundation (http://www.crfonline.org/)

Online Payment Processing Definitions From Credit Research Foundation (http://www.crfonline.org/) Online Payment Processing Definitions From Credit Research Foundation (http://www.crfonline.org/) The following glossary represents definitions for commonly-used terms in online payment processing. Address

More information

Mitigating Fraud Risk Through Card Data Verification

Mitigating Fraud Risk Through Card Data Verification Risk Management Best Practices 11 September 2014 Mitigating Fraud Risk Through Card Data Verification AP, Canada, CEMEA, LAC, U.S. Issuers, Processors With a number of cardholder payment options (e.g.,

More information

Credit and Debit Card Handling Policy Updated October 1, 2014

Credit and Debit Card Handling Policy Updated October 1, 2014 Credit and Debit Card Handling Policy Updated October 1, 2014 City of Parkville 8880 Clark Ave. Parkville, MO 64152 Hours: 8:00-5:00 p.m. Monday -Friday Phone Number 816-741-7676 Email: cityhall@parkvillemo.gov

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers For use with PCI DSS Version 3.1 Revision 1.1 July 2015 Section 1: Assessment

More information