- Jasper Watkins
- 8 years ago
Payment Card Industry Data Security Standards (PCI DSS) Quick Reference Guide

Overview

You should have already been trained, and possibly refreshed, in PCI DSS requirements, and how the standards relate to your employment duties at UWE. This guide will remind you of your responsibilities, and what is required of you operationally during your daily duties, to ensure the safety of cardholder data.

You will already have read and understood the following documentation, however do go back to any of these if you are unsure of what they cover:

- UWE PCI DSS policy (and other policies linked into the document such as IT Security Policy);
- UWE Incident Response Plan (section 11 of the PCI DSS Policy): details of what action should be taken in the event of a card data breach; what information needs to be reported, and who to report it to;
- UWE PDQ Management policy, for Managers responsible for Income Collection in their area.

Reminder: What is PCI DSS?

PCI DSS is a global standard of best practice that was designed by card payment brands, to increase security and decrease fraud relating to cardholder data. MasterCard or Visa can, and will, impose substantial financial penalties for non-compliance, with further financial penalties for any actual data breach incidents that arise. If there is a continued breach of data security, as a final resort, the University's permission to process card data may be removed.

Reminder: How does PCI DSS relate to what I do?

The following table summarises the key requirements for each payment method, which if properly followed, will greatly reduce the risk of cardholder data being stolen. Some of the scenarios might not be relevant or appropriate to you, however if you are unsure how to apply PCI DSS to your processes, please seek advice from your manager.

Remember, the best defence against cardholder data theft is not to store it: if we do not have it, it cannot be stolen from us.
Payment method: Online

Do:
- Encourage students / customers to make payments online themselves where possible, and if not possible, offer an alternative payment method.
- However, in exceptional circumstances, card payments can be processed online if the student/customer cannot/will not pay online, by a trained member of staff working in the Income Office.
- Ensure that you are aware of how to detect a fraudulent key-logging device being installed on your computer (see Appendix 1), as this will enable cardholder data to be stolen.

Don't:
- DO NOT WRITE DOWN CARD DETAILS

Payment method: Face-to-face using a card terminal (PDQ, cardholder present)

Do:
- Once you have entered the amount, the customer should put their card in the terminal for chip and pin transactions, or pass their card over the terminal for contactless transactions.
- If your terminal prints the full Primary Account Number (PAN: 16-digit card number) on the merchant (UWE) copy of the receipt, you must bring this to your manager's attention or contact the PCI DSS team immediately.

Don't:
- DO NOT READ OUT CARD DETAILS
- Staff should not need to handle the customer's card.

Payment method: PDQ terminal security

Do:
- Always keep the device in view during business hours, and locked away with restricted access outside of business hours.
- Managers are responsible for ensuring that PDQs are properly and securely managed and controlled.

Payment method: PDQ terminal checks

Do:
- Always co-operate with the annual device audit undertaken by the Income Office Manager.
- Regularly inspect the device to detect tampering (see Appendix 1) or substitution (by checking the serial number or other device characteristics), as this will enable cardholder data to be stolen.
- Ensure that adequate controls exist for visitors of your restricted area where card payments are processed (if applicable, e.g. Conference Centre);
- Ensure that all students and staff wear UWE identification lanyards;
- Ensure that all external visitors are authorised to enter, and escorted at all times;
- Ensure that all external visitors are identified and given a visitor badge, which is returned when they leave;
- Ensure that an external visitor log is maintained.

Payment method: Telephone (cardholder not present)

Do:
- Telephone payments are discouraged; students/customers are encouraged to pay online themselves. However, in exceptional circumstances, card payments can be processed by telephone if the payer cannot/will not pay online.
- If a telephone payment is taken, you must enter the details straight into the University's online software. If the software is not available for any reason, you should arrange to call the customer back when it is available, and then enter the details directly into the software during the call.
- Ensure you are aware of how to detect a fraudulent key-logging device being installed on your computer.

Don't:
- DO NOT READ OUT CARD DETAILS. When processing a card payment via telephone in a busy working area, never read the customer's card details back to them, in case you are overheard. You can confirm part of the number (e.g. the last 4 digits) if necessary.
- DO NOT WRITE DOWN CARD DETAILS
- DO NOT RECORD TELEPHONE CALLS. Calls where card payments are taken must never be recorded.

Payment method: Card details received by post (application forms)

Do:
- Application forms may contain cardholder data, which must be securely locked away, with restricted access, until needed.
- Payment transactions must be processed as soon as possible, and within 5 working days of receiving the application form.
- After the payment has been processed, the application form should be hand delivered to the Income Office within 2 working days.
- The Income Office must immediately cross-shred the card details section of the application form, and securely store the rest of the form.

Payment method: Card details received by email

Do:
- Card details received by email must be immediately and permanently deleted without being processed, by permanently deleting it from Recover Deleted Items after it has been originally deleted.

Don't:
- Never ask a customer to email their card details to you.
- If a customer emails you card details, you must not process them, or forward them onto another member of staff.

Payment method: Card details received by fax or messaging technologies (i.e. instant messaging and chat)

Do:
- Card details received by fax must be cross-shredded without being processed.
- Card details received by message must be deleted without being processed.
- If you receive cardholder details in any of these methods, email the student / customer directly and advise them to pay online, or in person.

Don't:
- Never ask a customer to provide cardholder details by any of these methods.
- Card details received by fax or messaging must not be processed.

Payment method: Physical storage and disposal of card data

Do:
- Cardholder data should only be retained and securely stored (locked away with restricted access), if there is a business need to do so.
- If you are unsure if card details should be kept, check with your line manager.

Don't:
- NEVER TAKE COPIES OF CARDHOLDER DATA, e.g. on paper, spreadsheets, USB drives, or network shares.

Payment method: Electronic storage of card data

Do:
- If you have any card data stored electronically, you must contact the PCI DSS team immediately (e.g. data stored in files, efax, recorded telephone calls).
- If you collect CCTV, you must ensure that it cannot capture card data.

Don't:
- Card data must never be stored electronically: if it is on our networks, there is the potential for unauthorised access. This includes data stored in files on your computer or network; electronic images, such as efax; recorded telephone calls.

Payment method: Dealing with declined card transaction

Do:
- Advise the customer immediately if a card transaction is declined and offer an alternative payment option.
- If processed via a PDQ device, give the customer the customer copy receipt stating that the payment was declined and securely store the merchant copy.
- If processed online, advise the customer that they must contact their card issuer and offer an alternative payment option.

Don't:
- Do not take a note of the card details and try to re-process at a later date.

Payment method: What should I do if I suspect someone has gained unauthorised access to card data?

Do:
- If there has been a break-in to an area where cardholder data is processed, or you believe a terminal has been tampered with, you must follow the PCI DSS policy section 11, Incident Response Plan.
- Stop using that terminal/pc immediately and disconnect the network or telephone line. Ensure that you keep the device under your watchful eye until told otherwise.
- Immediately record known or suspected incident details and email your Line Manager, Income Office Manager, Data Protection Compliance Officer (data.protection@uwe.ac.uk) and PCI DSS Team (Finance.systems@uwe.ac.uk).

Don't:
- Do not change anything on the terminal/pc.
- Do not unplug the terminal/pc.
- Do not continue to use the terminal/pc.
Appendix 1: How to detect fraudulent tampering of your PDQ terminal and/or computer

What is skimming?

Skimming is a method used by criminals to capture data from the magnetic stripe on the back of a card.

How does skimming work?

Typically, someone in a workplace uses a small, manual skimmer to steal information from a card's magnetic stripe. That information is sold to criminals, put onto a counterfeit card and used to make fraudulent purchases. While making it look like they are performing maintenance, criminals can open the PDQ terminal and install the skimmer. In some circumstances, they remove the existing PDQ terminal and replace it with one already modified. They can also install a device on one of the PDQ terminal's communication cables, capturing the card information during its transmission. You should be vigilant of any potential skimming activity and take actions to prevent this criminal activity in your workplace.

What does a skimming device look like?

Skimming devices, or skimmers, come in many shapes and sizes, and are small and portable, with a slot where the card can be swiped and skimmed. Many of these devices are hand held but some can be installed inside the PDQ card terminal, or on one of its cables or connections.

- Manual Skimmer: captures data stored on the magnetic stripe of the card.
- Compact Manual Skimmer: smaller version of the manual skimmer, can be concealed more easily.

What is key logging?

Key logging is where a device (key logger) is plugged into your computer's USB port by criminals, to record key strokes to capture data typed in.

- Hardware Key logger: connected to your computer's USB port, records keystrokes and stores the data.
More informationPCI (Payment Card Industry) Compliance For Healthcare Offices By Ron Barnett
PCI (Payment Card Industry) Compliance For Healthcare Offices By Ron Barnett Dr. Svenson thought he was doing both his patients and his practice a big favor when he started setting up monthly payment arrangements
More informationFrequently asked questions - Visa paywave
Frequently asked questions - Visa paywave What is Visa paywave? Visa paywave is a new contactless method of payment - the latest evolution in Visa payments. It is a simple, secure and quick payment method
More informationSage ERP MAS I White Paper. Payment Processing Trends, Tips, and Tricks: What You Need to Know
I White Paper What You Need to Know Over the past few years, credit and debit card acceptance has come on the scene as a required payment option. Similarly, the number of customers using credit and debit
More informationPayment Card Industry (PCI) Policy Manual. Network and Computer Services
Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology
More informationMinnesota State Colleges and Universities System Procedures Chapter 5 Administration. Guideline 5.23.1.10 Payment Card Industry Technical Requirements
Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Payment Card Industry Technical s Part 1. Purpose. This guideline emphasizes many of the minimum technical requirements
More informationFrequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
More informationSales Rep Frequently Asked Questions
V 02.21.13 Sales Rep Frequently Asked Questions OMEGA Processing Data Protection Program February 2013 - Updated In response to a national rise in data breaches and system compromises, OMEGA Processing
More informationGRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY
GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft
More informationNew York University University Policies
New York University University Policies Title: Payment Card Industry Data Security Standard Policy Effective Date: April 11, 2012 Supersedes: N/A Issuing Authority: Executive Vice President for Finance
More informationVisa Tips for Restaurant Staff
Visa Tips for Restaurant Staff Helpful Information and Best Practices for Handling Visa Transactions For U.S. Only When it comes to restaurants, most customers are looking for the same basic things...
More informationMcGill Merchant Manual
McGill Merchant Manual The McGill Merchant Manual is a complementary document to the Merchant (PCI) Policy and Procedures and serves to aid Merchants in ensuring their operations comply with Payment Card
More informationAIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009
AIS Webinar Payment Application Security Hap Huynh Business Leader Visa Inc. 1 April 2009 1 Agenda Security Environment Payment Application Security Overview Questions and Comments Payment Application
More informationCREDIT CARD PROCESSING POLICY AND PROCEDURES
CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.
More informationWhat Merchants Need to Know About EMV
Effective November 1, 2014 1. What is EMV? EMV is the global standard for card present payment processing technology and it s coming to the U.S. EMV uses an embedded chip in the card that holds all the
More informationHow To Use Payclip On A Credit Card On A Payclip
TM PayClip User Guide The easy way to accept Visa and MasterCard credit and debit card payments on the spot. Getting started made easy This User Guide gives you all the information you need on how to use
More informationUniversity of Dayton Credit / Debit Card Acceptance Policy September 1, 2009
University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009 Effective Date of this Policy: August 1, 2008 Last Revision: September 1, 2009 Contact for More Information: UDit Internal Auditor
More informationPayment Card Acceptance Administrative Policy
Administrative Procedure Approved By: Brandon Gilliland, Associate Vice President for Finance & Controller Effective Date: October 1, 2014 History: Approval Date: September 25, 2014 Revisions: Type: Administrative
More information