COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL
|
|
- Ursula Miller
- 2 years ago
- Views:
Transcription
1 PAYMENT CARD INDUSTRY COMPLIANCE (PCI) Effective June 1, 2011 Page 1 of 6 (1) Definitions a. Payment Card Industry Data Security Standards (PCI-DSS): A set of standards established by the Payment Card Industry Security Standards Council to develop a single approach to safeguarding sensitive data. The PCI standard defines a series of best practices for handling, transmitting and storing sensitive data. b. Cardholder Information Security Program (CISP): A Program designed to ensure that all merchants that store, process, or transmit cardholder data, protect it properly by adhering to the Payment Card Industry (PCI) Data Security Standard. c. Cardholder Information: any personally identifiable data associated with a cardholder or a payment card, for example, an account number, expiration date, name, address, social security number, Card Validation Code CVC 2 (MasterCard), Card Verification Value CVV2 (VISA), Card Member ID (Discover) or CID - Card Identification Number (American Express) (e.g., three- or four-digit value printed on the front or back of a payment card). d. Point of Sale Terminal: Electronic retail payment device which (1) reads a customer's bank's name and account number when a bank card or credit card is swiped (passed through a magnetic stripe reader), (2) contacts the bank and (if funds are available) transfers the customer approved amount to the seller's account, and (3) prints a receipt. e. Credit Card: A plastic card issued to concede to the holder, upon presentation to authorized stores or service providers, products or services on credit. f. Debit Card: A plastic card that may be used for purchasing goods and services or for obtaining cash advances for which payment is made from existing funds in a bank account.
2 Page 2 of 6 g. Need to Know : Access to the information must be necessary for the conduct of one's official duties. (2) Procedures a. Administrators of College Departments who need to accept payment cards and/or obtain a physical terminal to either swipe or key transactions through a point of sale terminal must request approval from the Senior Vice President for Business and Administrative Services or his/her designee. b. Department personnel assigned to process payment card transactions must receive training on the process to report and include those transactions in the College s financial system. c. Department personnel who accept payment cards must receive training on understanding the requirements of and compliance with the PCI-DSS standards. d. Department personnel who accept payment cards must store only essential information. The Card Validation Code or the PIN Number must not be stored nor should the full contents of any track from the magnetic stripe (on the back of the card, in a chip, etc.) be stored. e. All media used for payment cards must be destroyed when retired from use. All hardcopy must be shredded using secure cross-shredded method prior to disposal. f. Exceptions to this procedure may be granted only after a written request from the department has been reviewed and approved by the Senior Vice President for Business and Administrative Services or his/her designee.
3 Page 3 of 6 g. The Vice President of Information Technology or his/her designee will authorize access for positions that require specific levels of data access. For employees who do not need to have access to payment card account numbers, the numbers will be masked to protect account information. h. Under no circumstances may payment card information be obtained or transmitted by , through campus mail or wireless networks. Payment card data transmission is permissible by fax. i. Any changes to systems housing account information must only be performed when i. Thorough testing has taken place to ensure adequacies of controls ii. Functionality testing with module custodians and/or functional exports has taken place iii. Change control processes have been followed (3) The following steps must be adhered to for all data storage and destruction: a. Hardcopy containing cardholder data shall be destroyed immediately after processing. b. All electronic media containing cardholder information shall be labeled and identified as confidential. c. An inventory of media containing cardholder information shall be performed monthly. d. Audit logs for system housing cardholder data shall be readily available for a period of 90 days. After 90 days, logs can be archived but must be maintained for one year. e. Electronic backup media containing cardholder data shall be secured/encrypted and stored in a secure environment. Retention and destruction of electronic backup media is defined by Columbus State Community College s (CSCC s) data retention program.
4 Page 4 of 6 (4) Use of third party service providers for the purpose of payment card processing must be reviewed and approved by Senior Vice President for Business and Administrative Services or his/her designee and the Vice President for Information Technology. (5) External service providers must be PCI-DSS compliant and provide current, certified proof of compliance upon request. (6) Each employee with access to cardholder data electronically must have a unique password. (7) In accordance with the College s Information Security Program, cardholder data should not be stored on servers, local hard drives or external (removable) media including floppy discs, CDs, and thumb drives unless encrypted and otherwise in full compliance with PCI-DSS. (8) All Personal Computers/workstations/laptops which process payment card transactions must automatically have their screens locked after no more than fifteen (15) minutes of inactivity. (9) For paper media (e.g. paper receipts, forms, and faxes), cardholder information should not be stored, unless approved for appropriate business purposes and access is limited to individuals with a business need to know. Cardholder data should be blacked out on paper media, and disposed of properly (e.g. shredded) when no longer needed for business purposes. (10) Department administrators need to ensure: a. Only authorized personnel have access to payment card applications and data. b. Payment card account numbers are properly secured and safeguarded.
5 Page 5 of 6 c. Colleague accounts are properly reconciled with any discrepancies brought to the attention of Business Services immediately. To maintain proper segregation of duties and minimize the risk of fraud, the individual administering Colleague is not the same individual that initiates, authorizes and processes the transactions. d. Business Services is notified immediately of any changes in a department s card processing environment; including using the account for a new purpose, adding a new card acceptance technology or channel, or adding or customizing a payment application. (11) The Business Services Department will: a. Provide training to ensure College staff for accepting and processing payment cards in compliance with PCI-DSS standards. b. Work with College department(s) to create and test payment card applications before implementation. c. Work with external vendors to ensure compliance with policies, practices, and procedures for accepting payment cards at the College. d. Verify annually that payment card applications are PCI-DSS compliant and, if applicable, on the Payment Application Best Practice (PABP) list. (12) The Division of Information Technology will: a. Approve installation, modifications, and removal of all network hardware devices throughout the College. b. Identify compliant application software or service providers with the required functionality to meet College business needs. c. Ensure all physical network devices (e.g., routers, switches, wireless access points, and firewall configurations) and/or applications are properly secure. d. Ensure all systems processing payment card transactions are segmented away from non-payment card processing systems. e. Perform approved scans on end user s desktops/laptops to identify potential unsecure payment card information which violates the College s Information Security Standard.
6 Page 6 of 6 f. Perform penetration tests and vulnerability scans on all systems processing payment card transactions and resolve any issues immediately. g. Implement any and all precautions needed to safeguard the College s payment card transactions in accordance with PCI-DSS. h. Complete the PCI-DSS Self Assessment yearly and coordinate with external scan vendor(s) quarterly to ensure PCI-DSS compliance. i. When required, coordinate with approved PCI-DSS QSA vendors to verify PCI-DSS compliance. (13) Contracts with external vendors must include language that requires vendors to demonstrate compliance with PCI-DSS if relevant to the services provided by the vendor. Contracts with external vendors must contain language that requires notification of any changes in PCI compliance status. (14) The Privacy and Security Addendum must be signed by all external vendors that store, transmit, or use cardholder information. (15) Any breaches, actual or suspected, of this procedure or any of the PCI-DSS standards shall be reported immediately to the Senior Vice President for Administrative Services or the Vice President for Information Technology. New Procedures
6-8065 Payment Card Industry Compliance
0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card
ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS:
Boston College Policy ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: PURPOSE OF POLICY: The purpose of this policy is to establish procedures for accepting payment cards at Boston College
CREDIT CARD PROCESSING & SECURITY POLICY
FINANCE AND TREASURY POLICIES AND PROCEDURES E071 CREDIT CARD PROCESSING & SECURITY POLICY PURPOSE The purpose of this policy is to establish guidelines for processing charges/credits on Credit Cards to
ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS:
Boston College Policy ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: PURPOSE OF POLICY: The purpose of this policy is to establish procedures for accepting payment cards at Boston College
UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL
UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Credit Card Handling and Acceptance Policy Policy Number: C3875 Effective Date: November 8, 2006 Issuing Authority: Office of VP Business and
GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY
GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft
Appendix 1 Payment Card Industry Data Security Standards Program
Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect
ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS
UNIVERSITY OF NORTH DAKOTA FINANCE & OPERATIONS POLICY LIBRARY ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS Policy 2.3, Accepting Credit Cards and Electronic Checks to Conduct
POLICY SECTION 509: Electronic Financial Transaction Procedures
Page 1 POLICY SECTION 509: Electronic Financial Transaction Procedures Source: NDSU President NDSU VP for Finance and Administration NDSU VP for Information Technology A. Purpose / Rationale Many NDSU
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration
Office of Finance and Treasury
Office of Finance and Treasury How to Accept & Process Credit and Debit Card Transactions Procedure Related Policy Title Credit Card Processing Policy For University Merchant Locations Responsible Executive
Payment Cardholder Data Handling Procedures (required to accept any credit card payments)
Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Introduction: The Procedures that follow will allow the University to be in compliance with the Payment Card Industry
Information Technology
Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing
2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)
CSU, Chico Credit Card Handling Security Standard Effective Date: July 28, 2015 1.0 INTRODUCTION This standard provides guidance to ensure that credit card acceptance and ecommerce processes comply with
SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures
1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
Credit Card Handling Security Standards
Credit Card Handling Security Standards Overview This document is intended to provide guidance to merchants (colleges, departments, auxiliary organizations or individuals) regarding the processing of charges
PCI Policies 2011. Appalachian State University
PCI Policies 2011 Appalachian State University Table of Contents Section 1: State and Contractual Requirements Governing Campus Credit Cards A. Cash Collection Point Approval for Departments B. State Requirements
PCI Data Security and Classification Standards Summary
PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers
Dartmouth College Merchant Credit Card Policy for Managers and Supervisors
Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Mission Statement Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance
. Merchant Accounts are special bank accounts issued by a merchant. . Merchant Level: This classification is based on transaction volume.
Credit Card Procedures and Policies Texas A&M Health Science Center offers university departments the convenience of accepting credit cards in payment for goods and services provided. All University departments
Payment Card Industry (PCI) Policy Manual. Network and Computer Services
Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology
EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES
EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES This document describes Eastern Oklahoma State College s policy and procedures for the proper
CREDIT CARD SECURITY POLICY PCI DSS 2.0
Responsible University Official: University Compliance Officer Responsible Office: Business Office Reviewed Date: 10/29/2012 CREDIT CARD SECURITY POLICY PCI DSS 2.0 Introduction and Scope Introduction
Viterbo University Credit Card Processing & Data Security Procedures and Policy
The requirements for PCI-DSS compliance are quite numerous and at times extremely complicated due to their interdependent nature and scope. The University has deemed it necessary for those areas currently
Accounting and Administrative Manual Section 100: Accounting and Finance
No.: C-13 Page: 1 of 6 POLICY: It is the policy of the University of Alaska that all payment card transactions are to be executed in compliance with standards established by the Payment Card Industry Security
EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )
EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder
Accepting Payment Cards and ecommerce Payments
Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont
TERMINAL CONTROL MEASURES
UCR Cashiering & Payment Card Services TERMINAL CONTROL MEASURES Instructions: Upon completion, please sign and return to cashandmerchant@ucr.edu when requesting a stand-alone dial up terminal. The University
PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
Credit Card Processing Overview
CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new
UW Platteville Credit Card Handling Policy
UW Platteville Credit Card Handling Policy Issued: December 2011 Revision History: November 7, 2013; July 11, 2014; November 1, 2014; August 24, 2015 Overview: In order for UW Platteville to accept credit
PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data
PCI Training for Retail Jamboree Staff Volunteers Securing Cardholder Data Securing Cardholder Data Introduction This PowerPoint presentation is designed to educate Retail Jamboree Staff volunteers on
University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009
University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009 Effective Date of this Policy: August 1, 2008 Last Revision: September 1, 2009 Contact for More Information: UDit Internal Auditor
Miami University. Payment Card Data Security Policy
Miami University Payment Card Data Security Policy IT Policy IT Standard IT Guideline IT Procedure IT Informative Issued by: IT Services SCOPE: This policy covers all units within Miami University that
INFORMATION SECURITY POLICY. Policy for Credit Card Acceptance to Conduct College Business
DELAWARE COLLEGE OF ART AND DESIGN 600 N MARKET ST WILMINGTON DELAWARE 19801 302.622.8000 INFORMATION SECURITY POLICY including Policy for Credit Card Acceptance to Conduct College Business stuff\policies\security_information_policy_with_credit_card_acceptance.doc
The Design Society. Information Security Policy
The Design Society Policies and Forms That Conform to PCI DSS SAQ A Version 2.0 June 2014 About this Document This document contains The Design Society information security policies. This document is
Cash & Banking Procedures
Financial Policies and Procedures Cash & Banking Procedures 1 P a g e Contents 1. Banking Procedures 1.1 Receipt of cash and cheques within a department 1.2 Storage/security of cash and cheques within
Dartmouth College Merchant Credit Card Policy for Processors
Mission Statement Dartmouth College Merchant Credit Card Policy for Processors Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance with the
Credit and Debit Card Handling Policy Updated October 1, 2014
Credit and Debit Card Handling Policy Updated October 1, 2014 City of Parkville 8880 Clark Ave. Parkville, MO 64152 Hours: 8:00-5:00 p.m. Monday -Friday Phone Number 816-741-7676 Email: cityhall@parkvillemo.gov
CardControl. Credit Card Processing 101. Overview. Contents
CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old
CREDIT CARD PROCESSING POLICY AND PROCEDURES
CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.
Department PCI Self-Assessment Questionnaire Version 1.1
Department PCI Self-Assessment Questionnaire Version 1.1 2009 Attestation of Compliance Instructions for Submission This Department PCI Self-Assessment Questionnaire has been developed as an assessment
Vanderbilt University
Vanderbilt University Payment Card Processing and PCI Compliance Policy and Procedures Manual PCI Compliance Office Information Technology Treasury VUMC Finance Table of Contents Policy... 2 I. Purpose...
Becoming PCI Compliant
Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History
http://www4.uwm.edu/bfs/depts/acct/creditcardacceptance/credit-card-acceptance.cfm
Section: Accounting Revised Date: 05/31/2011 Procedure: 2.2.23 Credit Card Acceptance Home Page http://www4.uwm.edu/bfs/depts/acct/creditcardacceptance/credit-card-acceptance.cfm Operating Principles:
E-Market Policy Accepting Online Payment for Conducting University Business
Accepting Online Payment for Conducting University Business Responsible Office: Bursar s Office Contact: bursar@hartford.edu Effective Date: July 1, 2011 Last Revised: June 20, 2011 Last Reviewed: June
University Policy Accepting and Handling Payment Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy
Payment Card Industry Data Security Standards Compliance
Payment Card Industry Data Security Standards Compliance Please turn off, or to vibrate, all cell-phones/electronics Expected course length: 1 Hour Questions are welcomed. Who Created It? & What Is It?
05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013
05.118 Credit Card Acceptance Policy Authority: Vice Chancellor of Business Affairs History: Effective July 1, 2011 Updated February 2013 Source of Authority: Office of State Controller (OSC); Office of
Josiah Wilkinson Internal Security Assessor. Nationwide
Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges
POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants
POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101 DIVISION: Finance & Administration TITLE: Policy & Procedures for Credit Card Merchants DATE: October 24, 2011 Authorized by: K. Ann Mead, VP for Finance & Administration
CREDIT CARD NUMBER HANDLING PROCEDURES POLICY. 2014 October
CREDIT CARD NUMBER HANDLING PROCEDURES POLICY 2014 October Royal Roads University Page 1 of 6 21 October 2014 Table of Contents Policy Statement... 3 Rationale... 3 Applicability of the Policy... 3 Definitions...
Saint Louis University Merchant Card Processing Policy & Procedures
Saint Louis University Merchant Card Processing Policy & Procedures Overview: Policies and procedures for processing credit card transactions and properly storing credit card data physically and electronically.
The following are responsible for the accuracy of the information contained in this document:
AskUGA 1 of 5 Credit/Debit Cards Responsible administrator: Senior Vice President for Finance and Administration Related Procedure: The Credit/Debit Card Processing Procedures Responsible department: Bursar's
b. USNH requires that all campus organizations and departments collecting credit card receipts:
USNH Payment Card Industry Data Security Standard (PCI DSS) Version 3 Administration and Department Policy Draft Revision 3/12/2013 1. Purpose. The purpose of this policy is to assist the University System
PCI Compliance Security Awareness Program For Marine Corps Community Services Contacts: Paul Watson
PCI Compliance Security Awareness Program For Marine Corps Community Services Contacts: Paul Watson Overview What is PCI? MCCS Compliance PCI DSS Technical Requirements MCCS Information Security Policies
Information Security Policy
Information Security Policy Contents Version: 1 Contents... 1 Introduction... 2 Anti-Virus Software... 3 Media Classification... 4 Media Handling... 5 Media Retention... 6 Media Disposal... 7 Service Providers...
Payment Card Industry Data Security Standards
Payment Card Industry Data Security Standards PCI DSS Rhonda Chorney Manager, Revenue Capital & General Accounting Today s Agenda 1. What is PCI DSS? 2. Where are we today? 3. Why is compliance so important?
UNL PAYMENT CARD POLICY AND PROCEDURES. Table of Contents
UNL PAYMENT CARD POLICY AND PROCEDURES Table of Contents Payment Card Merchant Security Standards Policy and Procedures... 2 Introduction... 4 Payment Card Industry Data Security Standard... 4 Definitions...
University of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Chief Financial
Standards for Business Processes, Paper and Electronic Processing
Payment Card Acceptance Information and Procedure Guide (for publication on the Treasury Webpages) A companion guide to University policy 6120, Payment Card Acceptance Standards for Business Processes,
This policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format.
Policy Number: 339 Policy Title: Credit Card Processing Policy, Procedure, & Standards Review Date: 07-23-15 Approval Date: 07-27-15 POLICY: All individuals involved in handling credit and debit card transactions
BUSINESS POLICY. TO: All Members of the University Community 2012:12. CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05)
BUSINESS POLICY TO: All Members of the University Community 2012:12 DATE: April 2012 CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05) Contents Section 1 Policy Statement... 2 Section
Policies and Procedures
Policies and Procedures Provided by PROGuard The following are policies and procedures which need to be enforced to ensure PCI DSS compliance. In order to answer yes to the questions and pass the SAQ,
New York University University Policies
New York University University Policies Title: Payment Card Industry Data Security Standard Policy Effective Date: April 11, 2012 Supersedes: N/A Issuing Authority: Executive Vice President for Finance
A Rackspace White Paper Spring 2010
Achieving PCI DSS Compliance with A White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry
Credit Card Processing and Security Policy
Credit Card Processing and Security Policy Policy Number: Reserved for future use Responsible Official: Vice President of Administration and Finance Responsible Office: Student Account Services Effective
PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:
Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal
La règlementation VisaCard, MasterCard PCI-DSS
La règlementation VisaCard, MasterCard PCI-DSS Conférence CLUSIF "LES RSSI FACE À L ÉVOLUTION DE LA RÉGLEMENTATION" 7 novembre 07 Serge Saghroune Overview of PCI DSS Payment Card Industry Data Security
SECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures
Page 1 SECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures SOURCE: NDSU President NDSU VP for Finance and Administration NDSU VP for Information Technology It is the University s responsibility
Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008
Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance Payment Application Connected to Internet, No Electronic Cardholder Data Storage Version
CREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services
Louisiana State University Finance and Administrative Services Operating Procedure FASOP: AS-22 CREDIT CARD MERCHANT POLICY Scope: All campuses served by Louisiana State University (LSU) Office of Accounting
Project Title slide Project: PCI. Are You At Risk?
Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services
McGill Merchant Manual
McGill Merchant Manual The McGill Merchant Manual is a complementary document to the Merchant (PCI) Policy and Procedures and serves to aid Merchants in ensuring their operations comply with Payment Card
Credit Card Security
Credit Card Security Created 16 Apr 2014 Revised 16 Apr 2014 Reviewed 16 Apr 2014 Purpose This policy is intended to ensure customer personal information, particularly credit card information and primary
Emory University & Emory Healthcare
Emory University & Emory Healthcare Payment Card Processing and Compliance Policy and Procedures Manual Office of Cash and Debt Management Mailstop 1599-001-1AE 1599 Clifton Road, 3 rd Floor Atlanta, GA
PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00
PCI PA - DSS Point XSA Implementation Guide Atos Worldline Banksys XENTA SA Version 1.00 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page number 2 (16)
What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:
What is the PCI standards council? The Payment Card Industry Standards Council is an institution set-up by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International
FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY
FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY Page 1 of 6 Summary The Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements for enhancing payment account
UNLV Payment Card Merchant Policy Credit Card Handling Responsibilities and Procedures
UNLV Payment Card Merchant Policy Credit Card Handling Responsibilities and Procedures Background Colleges and universities have traditionally had open networks of information that foster the exchange
A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS)
A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS) The mandatory guide for storing, processing or transmitting cardholder information Overview and applicability Any application
PCI-DSS Compliance. Ron Dinwiddie Chief Technology Officer J. Spargo & Associates
PCI-DSS Compliance Ron Dinwiddie Chief Technology Officer J. Spargo & Associates Agenda What is PCI Compliance Why is PCI Important How does this impact me? Becoming PCI Compliant JSA PCI Strategy Risk
WISCONSIN ACCOUNTING MANUAL Department of Administration State Controller s Office
BACKGROUND State of Wisconsin agencies accepted more than 6 million credit/debit card payments annually through the following payment channels: Point of Sale (State agency location) Point of Sale (Retail-agent
Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire C-VT Version 2.0 October 2010 Attestation of Compliance, SAQ C-VT Instructions for Submission
Managed Hosting & Datacentre PCI DSS v2.0 Obligations
Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version
CREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011
CREDIT CARD MERCHANT PROCEDURES MANUAL Effective Date: 5/25/2011 Updated: May 25, 2011 TABLE OF CONTENTS Introduction... 1 Third-Party Vendors... 1 Merchant Account Set-up... 2 Personnel Requirements...
Why Is Compliance with PCI DSS Important?
Why Is Compliance with PCI DSS Important? The members of PCI Security Standards Council (American Express, Discover, JCB, MasterCard, and Visa) continually monitor cases of account data compromise. These
University Policy Accepting Credit Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance
The University of Georgia Credit/Debit Card Processing Procedures
The University of Georgia Credit/Debit Card Processing Procedures The University of Georgia currently accepts four major credit cards (MasterCard, Visa, Discover and American Express) for payment of services
Minnesota State Colleges and Universities System Procedures Chapter 5 Administration. Guideline 5.23.1.10 Payment Card Industry Technical Requirements
Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Payment Card Industry Technical s Part 1. Purpose. This guideline emphasizes many of the minimum technical requirements
WASHINGTON STATE UNIVERSITY MERCHANT ACCOUNT AGREEMENT FOR UNIVERSITY DEPARTMENTS
WASHINGTON STATE UNIVERSITY MERCHANT ACCOUNT AGREEMENT FOR UNIVERSITY DEPARTMENTS I. Introduction, Background and Purpose This Merchant Account Agreement (the Merchant Agreement or Agreement ) is entered
This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected
This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected officials, administrative officials and business managers.
Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance
Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Compliant? Bank Name
Andrews University Payment Card Acceptance Policies & Procedures. Prepared by Financial Administration
Andrews University Payment Card Acceptance Policies & Procedures Prepared by Financial Administration July 12, 2011 Part I: Introduction of Policy and Purpose Formatted: Font: 12 pt In order to protect
Failure to follow the following procedures may subject the state to significant losses, including:
SUBJECT: Policy and Procedures PAGE: 1 of 5 INTRODUCTION During fiscal year 2014, State of Wisconsin agencies accepted approximately 6 million credit/debit card payments through the following payment channels:
CARD PAYMENT POLICY May 2016
CARD PAYMENT POLICY May 2016 1. Introduction All businesses that handle card payment data are required to comply with industry rules aimed at increasing data security. These are set out in the Payment