Finance Office. Card Handling Policy
|
|
- Lilian Page
- 8 years ago
- Views:
Transcription
1 Finance Office Card Handling Policy Prepared by: Lyndsay Brown Issued: November
2 Contents Page 1 Introduction 3 2 Responsibility 3 3 The PCI Data Security Standard 3 4 PCI DSS Requirements 4 5 Receiving/ obtaining card data 4 6 Processing card data 5 7 Storing card data 6 2
3 1. Introduction This policy deals with the acceptable use and the controls required over receiving, processing and storing information in respect of all card receipts accepted and refunds made by the University. We have three acceptance channels for card receipts accepted and refunds made by the University: 1. Online Payment systems, 2. Hand held chip and pin card terminals, PDQ s (customer present transactions), and 3. Telephone (customer not present transactions). As the University is a merchant that accepts payment cards, it is required to be compliant with the PCI Data Security Standards. PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing the security standards, while compliance with the PCI Security Standards is enforced by the payment card brands (i.e. MasterCard, Visa). The standards apply to all organisations that receive, process or store cardholder data. This policy should be read in conjunction with the Procedures as published on the University Finance website for: Financial Procedures Cash Handling and Banking Procedures Note: wherever a statement in this policy refers to Card, the statement applies to credit, debit, charge, and procurement/ purchasing cards, unless specifically stated otherwise. 2. Responsibility The management and control of information received in respect of cards at the University applies to all members of University staff in Schools and Learning, Teaching and Infrastructure Services handling credit card information. The following procedures must be adhered to: Restrict access to payment card transactions to only those staff that need access to it, Ensure that staff handling payment card data is aware of its importance and confidentiality, It is strictly prohibited to send card details by , store details via electronic methods over the University network (i.e. Excel spreadsheets, Word documents) or write down card details belonging to the payee. This includes occasions when the systems may be unavailable and in such instances the student/ customer should be contacted when the systems return to live mode, Be on the lookout for ways that payment card data could escape from your department without authority e.g. s, paper and minimise risk by following this Policy, The merchant copy of the payment receipt should be stored in a secure location and destroyed as confidential waste. The Treasury team within the Finance Office maintains a list of all members of staff with authorisation to use a hand held chip and pin terminals (PDQ s). It is the responsibility of each location to inform Treasury of changes in staff. 3
4 3. The PCI Data Security Standard PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data. It consists of common sense steps that mirror security best practices. 4. PCI DSS Requirements Requirements 1-2 Build and maintain a secure network These sections are not covered by this policy refer to Information Services policies. Requirements 3-4 Protect cardholder data These sections are covered by this policy and primarily state that the University should not store or transmit card and transaction data unnecessarily. Organisations accepting payment cards are expected to protect cardholder data and prevent their unauthorised use. Requirements 5-6 Maintain a vulnerability management programme As for requirements 1-2, these sections are not covered by this policy. Requirements 7-9 Implement robust control measures / Control access to card data These sections are covered by this policy and deal with access to card data, which should be limited to when there is a business requirement and restricted to relevant staff only. Requirements Regularly monitor and test your computer networks As for requirements 1-2, these sections are not covered by this policy refer to Information Services. Requirement 12 Make information security a priority This section is covered by this policy and requires all employees are aware of the importance of card data security. 5. Receiving/ obtaining card data Card data should be received by appropriate methods only: Preferably by directing the cardholder/ payee to the Online Payments Systems asking them to process their payment through the online system. If the student is using University PC s to process the payment they should be directed to use the dedicated virtual terminals at the Base. or if not applicable to the source of income being collected Using face-to-face chip & pin transactions, where the customer is present and able to enter their card details directly into the card terminal. Receiving card payments where the customer is not present, is discouraged, but if it is necessary, the preferred method is to receive the card details by phone and enter them immediately into the card terminal or the administration area of the Online Payment system (Finance only). If you are in a Department where there is no card terminal the payee must be asked to phone Finance on who will process the transaction. It is strictly prohibited to send card details by , store via electronic methods over the University network (i.e. Excel spreadsheets, Word documents) or write down card details 4
5 belonging to the payee. This includes occasions when the systems may be unavailable and in such instances the student/ customer should be contacted when the systems return to live mode. 6. Processing card data Card receipts are accepted and refunds are made by the University via three acceptance channels: 1. Online Payment systems, 2. Hand held chip and pin card terminals, PDQ s (customer present transactions), and 3. Telephone (customer not present transactions). Online Payment Systems The Online Payment system and Online Store is provided by WPM Education (WPM). WPM is classed as a level 1 service provider under the standard and, as such, has an annual independent audit carried out to certify this compliance. WPM has been certified as compliant since March WPM Education solutions prevent card payment data from entering the University s environment by processing the payment data on its own fully PCI DSS compliant servers, transferring only fully encrypted data back and forth to the university or college. This removes the risk from the University as no card payment data is present on the University servers. HOW IT WORKS 1. Payee visits University website and selects to pay a fee, set up recurring billing/ payment plan or add a product or service to the shopping basket. 2. Customer is seamlessly redirected to WPM Education's Secure Payment Pages. 3. The payee enters their payment details into the system. The PCI DSS risk is completely removed from the University as no card details are submitted or stored within the University's network. 4. WPM Education transfers the data to the credit card network and completes the transaction. 5. Result of payment is displayed to the customer. 5
6 As the Online Payment System and Online Store are covered by WPM Education's compliance the use of these systems by the payee is not covered by this policy. Hand held chip and pin terminals (PDQ s) All terminals are provided by FEXCO and are set up using analogue telephone lines. Cardholder data is not transmitted via the University servers. If a new terminal is required please contact Finance Office in the first instance who will liaise with Information Services and Facilities to ensure the correct set up of the terminal. Telephone Transactions taken over the telephone are customer not present transactions. The card details must be entered directly to the administration area of the Online Payment systems or directly to the terminal. Under no circumstance should card details be written down. 7. Storing card data The goal of the PCI Data Security Standard (PCI DSS) is to protect cardholder data wherever it is received, processed or stored. The security controls and processes required by PCI DSS are vital for protecting cardholder account data, including the PAN the primary account number printed on the front of a payment card (16 digit number). The University must never electronically store sensitive authentication data after authorisation. Sensitive data includes data that is printed on a card, card verification codes (CVC s), data stored on a card s magnetic stripe or chip and personal identification numbers entered by the cardholder. The customer and merchant copy of the card terminal receipt rolls will include the partial and full PAN respectively. The customer copy must be returned direct to the customer. The merchant copy of the card terminal receipt roll must be stored securely in a locked location. It is important the merchant copy is placed in the locked location directly after processing of each transaction. Receipts can be stored for a maximum of 6 months before being destroyed as confidential waste. It is the responsibility of the location storing the merchant receipt for ensuring its safekeeping. 6
Finance & Ecommerce Systems
Finance & Ecommerce Systems Prepared by: Colette Elson Issued: November 2013 November 2013 Page 1 Contents Page 1 Introduction 2 Responsibility 3 The PCI Data Security Standard 4 PCI DSS Requirements 5
More information2.1.2 CARDHOLDER DATA SECURITY
University of Oxford Finance Division FINANCIAL POLICY 2.1.2 CARDHOLDER DATA SECURITY Date: 21 March 2013 Version: 2.1.2 Status: Approved Author: Simon Blee Bridget Midwinter TABLE OF CONTENTS Page EXECUTIVE
More informationUniversity of Liverpool
University of Liverpool Card Payment Policy Reference Number Title Version Number 1.0 Document Status Document Classification FIN-001 Card Payment Policy Active Public Effective Date 03 June 2014 Review
More informationPayment Card Industry Data Security Standard PCI DSS
Payment Card Industry Data Security Standard PCI DSS What is PCI DSS? Requirements developed by the five card brands: VISA, Mastercard, AMEX, JCB and Discover. Their aim was to put together a common set
More informationFraud - Preparing Data Card Transactions
Liverpool Hope University PCI DSS Policy Document Control Date Revision/Amendment Details & Reason Author 26 th March 2015 Updates G. Donelan 23 rd June 2015 Audit Committee 7 th July 2015 University Council
More informationPCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
More informationUniversity of York Policy on the Management of Debit/ Credit Card Data
University of York Policy on the Management of Debit/ Credit Card Data Version 1.0 25th February 2015 Index 1 Introduction and Policy Statement 1.1 The Payment Card Industry Data Security Standard (PCI
More informationUniversity Policy Accepting Credit Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance
More informationCash & Banking Procedures
Financial Policies and Procedures Cash & Banking Procedures 1 P a g e Contents 1. Banking Procedures 1.1 Receipt of cash and cheques within a department 1.2 Storage/security of cash and cheques within
More informationPayment Cardholder Data Handling Procedures (required to accept any credit card payments)
Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Introduction: The Procedures that follow will allow the University to be in compliance with the Payment Card Industry
More informationUniversity of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Chief Financial
More informationCOLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL
PAYMENT CARD INDUSTRY COMPLIANCE (PCI) Effective June 1, 2011 Page 1 of 6 (1) Definitions a. Payment Card Industry Data Security Standards (PCI-DSS): A set of standards established by the Payment Card
More informationInformation Technology
Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing
More informationCREDIT CARD PROCESSING & SECURITY POLICY
FINANCE AND TREASURY POLICIES AND PROCEDURES E071 CREDIT CARD PROCESSING & SECURITY POLICY PURPOSE The purpose of this policy is to establish guidelines for processing charges/credits on Credit Cards to
More information6-8065 Payment Card Industry Compliance
0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card
More informationHow To Control Credit Card And Debit Card Payments In Wisconsin
BACKGROUND State of Wisconsin agencies accepted more than 6 million credit/debit card payments annually through the following payment channels: Point of Sale (State agency location) Point of Sale (Retail-agent
More informationAppendix 1 Payment Card Industry Data Security Standards Program
Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect
More informationFailure to follow the following procedures may subject the state to significant losses, including:
SUBJECT: Policy and Procedures PAGE: 1 of 5 INTRODUCTION During fiscal year 2014, State of Wisconsin agencies accepted approximately 6 million credit/debit card payments through the following payment channels:
More informationHow To Complete A Pci Ds Self Assessment Questionnaire
Department PCI Self-Assessment Questionnaire Version 1.1 2009 Attestation of Compliance Instructions for Submission This Department PCI Self-Assessment Questionnaire has been developed as an assessment
More informationCredit Card Handling Security Standards
Credit Card Handling Security Standards Overview This document is intended to provide guidance to merchants (colleges, departments, auxiliary organizations or individuals) regarding the processing of charges
More informationOffice of Finance and Treasury
Office of Finance and Treasury How to Accept & Process Credit and Debit Card Transactions Procedure Related Policy Title Credit Card Processing Policy For University Merchant Locations Responsible Executive
More informationPCI Policies 2011. Appalachian State University
PCI Policies 2011 Appalachian State University Table of Contents Section 1: State and Contractual Requirements Governing Campus Credit Cards A. Cash Collection Point Approval for Departments B. State Requirements
More informationINFORMATION SECURITY POLICY. Policy for Credit Card Acceptance to Conduct College Business
DELAWARE COLLEGE OF ART AND DESIGN 600 N MARKET ST WILMINGTON DELAWARE 19801 302.622.8000 INFORMATION SECURITY POLICY including Policy for Credit Card Acceptance to Conduct College Business stuff\policies\security_information_policy_with_credit_card_acceptance.doc
More informationUniversity Policy Accepting and Handling Payment Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy
More informationCredit Card Processing Overview
CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new
More informationCREDIT CARD NUMBER HANDLING PROCEDURES POLICY. 2014 October
CREDIT CARD NUMBER HANDLING PROCEDURES POLICY 2014 October Royal Roads University Page 1 of 6 21 October 2014 Table of Contents Policy Statement... 3 Rationale... 3 Applicability of the Policy... 3 Definitions...
More informationSection 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationTERMINAL CONTROL MEASURES
UCR Cashiering & Payment Card Services TERMINAL CONTROL MEASURES Instructions: Upon completion, please sign and return to cashandmerchant@ucr.edu when requesting a stand-alone dial up terminal. The University
More informationA MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS)
A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS) The mandatory guide for storing, processing or transmitting cardholder information Overview and applicability Any application
More informationPLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01
PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01 Information updated: 21 October 2012 SAFEGUARDING CARDHOLDER
More informationTREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration
More informationMerchant guide to PCI DSS
Merchant guide to PCI DSS Contents What is PCI DSS and why was it introduced?... 3 Who needs to become PCI DSS compliant?... 3 BOIPA Simple PCI DSS - 3 step approach to helping businesses... 3 What does
More informationCardControl. Credit Card Processing 101. Overview. Contents
CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old
More informationPCI Compliance Information Packet for Volunteers - Credit Card Processing for Product Sales and Online Camp / Event Registration
PCI Compliance Information Packet for Volunteers - Credit Card Processing for Product Sales and Online Camp / Event Registration Table of Contents Introduction to Credit Card Processing for Product Sales
More informationACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS:
Boston College Policy ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: PURPOSE OF POLICY: The purpose of this policy is to establish procedures for accepting payment cards at Boston College
More informationROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY. Processing Electronic Card Payments
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY Processing Electronic Card Payments Introduction and Policy Aim The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information
More informationMerchant Card Processing Best Practices
Merchant Card Processing Best Practices Background: The major credit card companies (VISA, MasterCard, Discover, and American Express) have published a uniform set of data security standards that ALL merchants
More informationPOLICY NAME : MERCHANT (PCI) POLICY AND PROCEDURES ACCEPTING CREDIT/DEBIT CARD PAYMENTS
Publication Date 2009-08-11 Issued by: Financial Services Chief Information Officer Revision V 1.0 POLICY NAME : MERCHANT (PCI) POLICY AND PROCEDURES ACCEPTING CREDIT/DEBIT CARD PAYMENTS Overview: There
More informationPayment Card Industry Data Security Standards
Payment Card Industry Data Security Standards PCI DSS Rhonda Chorney Manager, Revenue Capital & General Accounting Today s Agenda 1. What is PCI DSS? 2. Where are we today? 3. Why is compliance so important?
More informationA Rackspace White Paper Spring 2010
Achieving PCI DSS Compliance with A White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry
More informationPCI Compliance Security Awareness Program For Marine Corps Community Services Contacts: Paul Watson
PCI Compliance Security Awareness Program For Marine Corps Community Services Contacts: Paul Watson Overview What is PCI? MCCS Compliance PCI DSS Technical Requirements MCCS Information Security Policies
More informationRealex Payments Integration Guide - Ecommerce Remote Integration. Version: v1.1
Realex Payments Integration Guide - Ecommerce Remote Integration Version: v1.1 Document Information Document Name: Realex Payments Integration Guide Ecommerce Remote Integration Document Version: 1.1 Release
More informationCREDIT CARD SECURITY POLICY PCI DSS 2.0
Responsible University Official: University Compliance Officer Responsible Office: Business Office Reviewed Date: 10/29/2012 CREDIT CARD SECURITY POLICY PCI DSS 2.0 Introduction and Scope Introduction
More informationNeed to be PCI DSS compliant and reduce the risk of fraud?
Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction
More informationThe following are responsible for the accuracy of the information contained in this document:
AskUGA 1 of 5 Credit/Debit Cards Responsible administrator: Senior Vice President for Finance and Administration Related Procedure: The Credit/Debit Card Processing Procedures Responsible department: Bursar's
More informationYou will already have read and understood the following documentation, however do go back to any of these if you are unsure of what they cover:
Pay Payment Card Industry Data Security Standards (PCI DSS) Quick Reference Guide Overview You should have already been trained, and possibly refreshed, in PCI DSS requirements, and how the standards relate
More information2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)
CSU, Chico Credit Card Handling Security Standard Effective Date: July 28, 2015 1.0 INTRODUCTION This standard provides guidance to ensure that credit card acceptance and ecommerce processes comply with
More informationNew York University University Policies
New York University University Policies Title: Payment Card Industry Data Security Standard Policy Effective Date: April 11, 2012 Supersedes: N/A Issuing Authority: Executive Vice President for Finance
More informationAccounting and Administrative Manual Section 100: Accounting and Finance
No.: C-13 Page: 1 of 6 POLICY: It is the policy of the University of Alaska that all payment card transactions are to be executed in compliance with standards established by the Payment Card Industry Security
More informationCredit and Debit Card Transaction Procedures. University of Bath
Credit and Debit Card Transaction Procedures University of Bath Table of Contents Introduction Ethics and Acceptable Use Policies Credit and Debit Card Transactions Protection of Stored Data Protection
More information3. Internet Credit Card Processing System generates a daily batch release report 4. Reporting Deposits to the University Depository
Internal Credit/Debit Card Processing Policies and Procedures for University of Tennessee Merchants Merchant: DBA Effective: Date Reviewed: Date Revised: Date 1. General Statement 2. Point-of-Sale Processing
More informationWorldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)
Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) What is PCI DSS? The 12 Requirements Becoming compliant with SaferPayments Understanding the jargon SaferPayments Be smart.
More informationPolicies and Procedures. Merchant Card Services Office of Treasury Operations
Policies and Procedures Merchant Card Services Office of Treasury Operations 1 Welcome! Table of Contents: Introduction Establishing Payment Card Services Payment Card Acceptance Procedures Payment Card
More informationPCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:
Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal
More informationInformation Sheet. PCI DSS Overview
The payment card industry (PCI) protects cardholder data through technical and operations standard set by its Council. Compliance with PCI standards is mandatory. It is enforced by the major payment card
More informationPuzzled about PCI compliance? Proactive ways to navigate through the standard for compliance
Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com
More informationSaint Louis University Merchant Card Processing Policy & Procedures
Saint Louis University Merchant Card Processing Policy & Procedures Overview: Policies and procedures for processing credit card transactions and properly storing credit card data physically and electronically.
More informationThis policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format.
Policy Number: 339 Policy Title: Credit Card Processing Policy, Procedure, & Standards Review Date: 07-23-15 Approval Date: 07-27-15 POLICY: All individuals involved in handling credit and debit card transactions
More informationPCI DSS Compliance Services January 2016
PCI DSS Compliance Services January 2016 20160104-Galitt-PCI DSS Compliance Services.pptx Agenda 1. Introduction 2. Overview of the PCI DSS standard 3. PCI DSS compliance approach Copyright Galitt 2 Introduction
More informationWhite Paper On. PCI DSS Compliance And Voice Recording Implications
White Paper On PCI DSS Compliance And Voice Recording Implications PCI DSS within the UK is becoming a hot topic of conversation, with many contradictions and confusions being issued by suppliers and professionals
More informationGRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY
GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft
More informationPOLICY SECTION 509: Electronic Financial Transaction Procedures
Page 1 POLICY SECTION 509: Electronic Financial Transaction Procedures Source: NDSU President NDSU VP for Finance and Administration NDSU VP for Information Technology A. Purpose / Rationale Many NDSU
More informationSteps for staying PCI DSS compliant Visa Account Information Security Guide October 2009
Steps for staying PCI DSS compliant Visa Account Information Security Guide October 2009 The guide describes how you can make sure your business does not store sensitive cardholder data Contents 1 Contents
More informationElavon Payment Gateway - Redirect Integration Guide
Elavon Payment Gateway - Redirect Integration Guide Version: v1.1 Table of Contents 1 About This Guide 3 1.1 Purpose 3 1.2 Audience 3 1.3 Prerequisites 3 1.4 Related Documents 3 2 Elavon Payment Gateway
More informationPCI DSS Gap Analysis Briefing
PCI DSS Gap Analysis Briefing The University of Chicago October 1, 2012 Walter Conway, QSA 403 Labs, LLC Agenda The PCI DSS ecosystem - Key players, roles - Cardholder data - Merchant levels and SAQs UofC
More informationUCSD Credit Card Processing Policy & Procedure
UCSD Credit Card Processing Policy & Procedure The Payment Process UCSD accepts Visa, MasterCard, American Express and Discover credit cards. We perform credit transactions only, no debit sales with cash
More informationPCI Data Security Standards. Presented by Pat Bergamo for the NJTC February 6, 2014
PCI Data Security Standards Presented by Pat Bergamo for the NJTC February 6, 2014 Introduction 3/3/2014 2 Your Speaker Patrick Bergamo, CISSP Director of Information Security & Delivery Delta Corporate
More informationWhite paper. How to take your contact centre out of scope for PCI DSS. Reducing cost and risk in credit card transactions for contact centres
White paper How to take your contact centre out of scope for PCI DSS Executive summary With 77 per cent of UK companies admitting to a security breach (Source: The Ponemon Institute, 2009), and up to 97
More informationCAL POLY POMONA FOUNDATION. Policy for Accepting Payment (Credit) Card and Ecommerce Payments
CAL POLY POMONA FOUNDATION Policy for Accepting Payment (Credit) Card and Ecommerce Payments 1 PURPOSE The purpose of this policy is to establish business processes and procedures for accepting payment
More informationSAN DIEGO STATE UNIVERSITY RESEARCH FOUNDATION CREDIT CARD PROCESSING & SECURITY POLICY MERCHANT SERVICES POLICIES & PROCEDURES
SAN DIEGO STATE UNIVERSITY RESEARCH FOUNDATION CREDIT CARD PROCESSING & SECURITY POLICY MERCHANT SERVICES POLICIES & PROCEDURES POLICY STATEMENT Introduction Some San Diego State University Research Foundation
More informationP R O G R E S S I V E S O L U T I O N S
PCI DSS: PCI DSS is a set of technical and operational mandates designed to ensure that all organizations that process, store or transmit credit card information maintain a secure environment and safeguard
More informationViterbo University Credit Card Processing & Data Security Procedures and Policy
The requirements for PCI-DSS compliance are quite numerous and at times extremely complicated due to their interdependent nature and scope. The University has deemed it necessary for those areas currently
More informationPCI DSS and SSC what are these?
PCI DSS and SSC what are these? What does PCI DSS mean? PCI DSS is the English acronym for Payment Card Industry Data Security Standard. What is the PCI DSS programme? The bank card data, which are the
More informationWestern Australian Auditor General s Report. Information Systems Audit Report
Western Australian Auditor General s Report Information Systems Audit Report Report 10 June 2012 Auditor General s Overview The Information Systems Audit Report is tabled each year by my Office. It summarises
More informationFraud Protection, You and Your Bank
Fraud Protection, You and Your Bank Maximize your chances to minimize your losses Presentation for Missouri GFOA April 2011 By: Terry Endres, VP, Government Treasury Solutions Phone: 314-466-6774 Terry.m.endres@baml.com
More informationPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced Version 3.0 February
More informationCREDIT CARD PROCESSING POLICY AND PROCEDURES
CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.
More informationCredit Card Processing and Security Policy
Credit Card Processing and Security Policy Policy Number: Reserved for future use Responsible Official: Vice President of Administration and Finance Responsible Office: Student Account Services Effective
More informationCREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services
Louisiana State University Finance and Administrative Services Operating Procedure FASOP: AS-22 CREDIT CARD MERCHANT POLICY Scope: All campuses served by Louisiana State University (LSU) Office of Accounting
More informationCredit and Debit Card Handling Policy Updated October 1, 2014
Credit and Debit Card Handling Policy Updated October 1, 2014 City of Parkville 8880 Clark Ave. Parkville, MO 64152 Hours: 8:00-5:00 p.m. Monday -Friday Phone Number 816-741-7676 Email: cityhall@parkvillemo.gov
More informationSafe and Sound Processing Telephone Payments Securely. A white paper from Barclaycard and Visa Europe leading the way in secure payments April 2015
Safe and Sound Processing Telephone Payments Securely A white paper from Barclaycard and Visa Europe leading the way in secure payments April 2015 Executive summary The following information and guidance
More informationAndrews University Payment Card Acceptance Policies & Procedures. Prepared by Financial Administration
Andrews University Payment Card Acceptance Policies & Procedures Prepared by Financial Administration July 12, 2011 Part I: Introduction of Policy and Purpose Formatted: Font: 12 pt In order to protect
More informationworldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected.
worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected. The 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS) by type Build
More informationSECTION: SUBJECT: PCI-DSS General Guidelines and Procedures
1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities
More informationWhat are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:
What is the PCI standards council? The Payment Card Industry Standards Council is an institution set-up by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International
More informationPayment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard (PCI DSS) What is PCI SSC? A 12 year old independent industry standards body providing oversight of the development and management of Payment Card Industry
More informationPCI DSS Compliance. 2015 Information Pack for Merchants
PCI DSS Compliance 2015 Information Pack for Merchants This pack contains general information regarding PCI DSS compliance and does not take into account your business' particular requirements. ANZ recommends
More informationACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments
A TO Z JARGON BUSTER A ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments ATM Automated Teller Machine. Unattended,
More informationPCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data
PCI Training for Retail Jamboree Staff Volunteers Securing Cardholder Data Securing Cardholder Data Introduction This PowerPoint presentation is designed to educate Retail Jamboree Staff volunteers on
More informationFrequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
More informationBecoming PCI Compliant
Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History
More informationDartmouth College Merchant Credit Card Policy for Managers and Supervisors
Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Mission Statement Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance
More informationpolicy D Reaffirmation of existing policy
Name of Policy: Credit Cards Policy Number: 3364-40-24 Approving Officer: President.TOLE'DO l t.?-2 Responsible Agent: Treasurer Scope: All credit card Merchants at The University rg] New policy proposal
More informationHow To Protect Your Credit Card Information From Being Stolen
Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)
More informationAccepting Payment Cards and ecommerce Payments
Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont
More informationPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance Payment Application Connected to Internet, No Electronic Cardholder Data Storage Version
More informationPayment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire C-VT Version 2.0 October 2010 Attestation of Compliance, SAQ C-VT Instructions for Submission
More information3D Secure safe on-line shopping with your payment card
3D Secure safe on-line shopping with your payment card 3D Secure standard represents a modern method of securing your online shopping experience, when you decide to pay by debit or credit card. Paying
More informationGlobal Iris Integration Guide ecommerce Remote Integration
Global Iris Integration Guide ecommerce Remote Integration February 2013 Table Of Contents 1 About This Guide... 3 1.1 Purpose... 3 1.2 Audience... 3 1.3 Prerequisites... 3 1.4 Related Documents... 3 2
More information