Agent Registration. Program Guide. (For use in Asia Pacific, Central Europe, Middle East, Africa)

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Agent Registration. Program Guide. (For use in Asia Pacific, Central Europe, Middle East, Africa)"

Transcription

1 Agent Registration Program Guide (For use in Asia Pacific, Central Europe, Middle East, Africa) Version 1 April 2014

2 Contents 1 INTRODUCTION ABOUT THIS GUIDE WHO NEEDS TO BE REGISTERED? WHY IS IT NECESSARY TO REGISTER THE AGENT? IMPLICATIONS FOR VISA CLIENT BANKS REGISTRATION PROCESS REGISTRATION PROCESS WHEN TO REGISTER? HOW TO ACCESS THE VMM SYSTEM? REGISTRATION FEES REGISTRATION NON-COMPLIANCE OTHER COMPLIANCE REQUIREMENTS VISA COMPLIANCE PROGRAMS FREQUENTLY ASKED QUESTIONS REFERENCES VISA GLOBAL REGISTRY OF SERVICE PROVIDER WEBSITE FOR GLOBAL VISA ONLINE ACCESS APPLICATION FOR PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI DSS) VISA RISK MANAGEMENT WEBSITE CONTACT GLOSSARY Visa Public 2

3 1 Introduction 1.1 About This Guide Agents can be an effective resource for Visa clients to use when managing their acquiring and issuing programs. This document explains the Agent registration requirements for Visa clients and their agents. The Agent Registration Program is a Visa-mandated program enacted to ensure that Visa clients are in compliance with Visa International Operating Regulations ( VIOR ) and policies regarding their use of Agents. Visa clients are required to perform due diligence reviews to ensure that they understand the Agent s business model, financial conditions, background and Payment Card Industry Data Security Standard (PCI DSS) compliance status (where applicable). Visa s Agent registration program is intended to help the clients and agents: understand their accountabilities and responsibilities to the Visa payment system; ensure their compliance with the Visa International Operating Regulations (VIOR) and regional operating regulation. These guidelines for Agent Registration should serve as a reference for Visa clients and agents when outsourcing Visa payment-related services to Agents within and outside the Asia-Pacific (AP) and Central Europe, Middle East, Africa (CEMEA) regions. Agent registration is required for all entities that provide Visa payment-related services, directly or indirectly, to a Visa client (or on behalf of their merchants). Information contained in the latest version of this guide will replace previous versions. The guide is intended for use by Visa clients. Visa Public 3

4 1.2 Who needs to be registered? Generally, an Agent is an entity engaged to provide Visa payment-related services, directly or indirectly, to a Visa client. An Agent can be a VisaNet Processor (VNP), Third Party, or both. A VisaNet Processor (VNP) is a Visa client or Visa-approved non-visa client that is directly connected to VisaNet and provides Authorization, Clearing, Settlement, or payment-related processing services for merchants or other Visa clients. A Third Party Agent (TPA) is an entity, not defined as a VisaNet Processor, that provides payment-related services, directly or indirectly, to a Visa client and/or stores, transmits, or processes cardholder data. Third parties include: Independent Sales Organization (ISO) Encryption Support Organization (ESO) Third Party Servicer (TPS) Third Party Servicer PIN (TPS-PIN) Merchant Servicer (MS) Corporate Franchise Servicer (CFS) Payment Facilitator (PF) High Risk Internet Payment Service Provider (HRIPSP) Distribution Channel Vendor (DCV) Instant Card Personalization Issuance Agent (ICPIA) Dynamic Currency Conversion (DCC) 3-D Secure Access Control Server (ACS) A TPA does not include: Exemption: Co-brand partners Vendors listed on the list of Visa Approved Vendors (available from Visa Online) A TPA is exempted from the registration requirement and any associated fees if it provides services only on behalf of its affiliates (includes parents and subsidiaries) and those affiliates are Visa clients that own and control at least 25 percent of the TPA. Visa Public 4

5 1.3 Why is it necessary to register the agent? Compliance with VIOR Under the Visa International Operating Regulations (VIOR), the Visa client has an obligation to register agents with Visa. Agent Relationship The Agent Registration database provides Visa and Visa clients with records of agent relationships. This will help ensure that any obligations and liabilities as required by the VIOR relating to activities performed by the agents are recognized and are clearly associated to a Visa client. Risk Controls and Brand Protection It is the client s responsibility and liability to monitor the practices of its agents. Visa clients are responsible that their agents comply with the relevant standards and requirements, as specified in the VIOR and in the Third Party Agent Due Diligence Risk Standards (a copy can be downloaded from the TPA website). This reduces the risk to Visa, Visa clients, and Visa cardholders from brand damage and financial losses due to agent compromises, operational errors, contractual issues, or other non-compliance with VIOR. 1.4 Implications for Visa Client Banks Visa client banks must ensure that their agents are PCI DSS compliant and adhere to all Visa operating rules. If their agents have directly registered with Visa under the program, Visa will collect the annual PCI DSS attestations directly from the agents. For agents that have not registered directly with Visa, Visa clients will have to submit to Visa the required attestation documents on their behalf. Issuers and acquirers also remain responsible to perform due diligence prior to engaging any agent and execute a written contract with each agent that performs cardholder or merchant solicitations and/or stores, processes, or transmit cardholder or transaction data on behalf of the bank. If the agent is contracted by the acquirers merchant, the acquirer remains responsible to conduct the appropriate due diligence and ensure that the merchant and their agents comply with the relevant Visa and industry requirements. Visa Public 5

6 2 Registration Process 2.1 Registration Process A Visa client using a VisaNet Processor or Third Party Agent must: Step 1: Step 2: Complete due diligence of the VisaNet Processor or Third Party Agent Register the agent via the Visa Membership Management (VMM) system, a web-based workflow tool, which will replace the paper-based agent registration process, including the Exhibit 5E form. Client will receive an automated acknowledgement once the registration is completed. Visa s acknowledgement of the registration does not imply that Visa approves or endorses the relationship with the agent, or that the agent complies with Visa requirements. Acceptance or rejection of any application shall be in Visa s sole discretion. Visa reserves the right to reject any application for any or no reason. 2.2 When to register? BEFORE: Visa clients are required to properly register their VisaNet Processor or Third Party Agent with Visa before the entity provides Visa paymentrelated services for the client. AFTER: Visa clients are required to notify Visa when: Designating additional services for the agent. Terminating the contract with the agent Change of status of the agent, e.g. Change of Ownership and Name of entity (due to acquisition, merger, etc.) Change of Address (due to relocation, addition or closure of additional site within the same country) Visa Public 6

7 Change of Visa payment-related services Visa clients are required to notify Visa of any change of status within 5 business days of the change. 2.3 How to access the VMM System? Visa client must first be enrolled with a Visa Online (VOL) Login ID Visit the following link for access to Global Visa Online: o You will need to register as a user of VMM as a Submitter or an Officer: o o Submitter an employee of the institution that generally is not an Officer. A Submitter is granted access in the system, to create (but not approve) cases in the system. The submitter submits the case to the Officer for approval before it is forwarded to Visa. Officer an employee of the institution who is granted access in the system, to submit and approve changes, additions and terminations. Generally, the Officer is the one who will forward the case to Visa. Every institution must designate at least one Officer. The submitter role is not compulsory. Visa Public 7

8 3 Registration Fees Effective 1 July 2013, Visa clients will be billed a registration fee for agents who prior to 1 July 2013, are not registered with Visa. Effective 1 July 2014, Visa clients will be billed an annual renewal fee. The chart below demonstrates the fees by TPA type: TPA Type Fees ISO/PF/HRIPSP $5,000 ESO/TPS/DCC/MS and all other TPAs $500 Clients in Japan and Korea will not be affected by this pricing. For listing of third party agents in Japan and Korea, contact Visa will bill Principal clients for third party agents registered by the credit unions, associate members or any other underlying financial institutions they sponsored. Visa Public 8

9 4 Registration Non-Compliance A Visa client may be subjected to fines starting at US$10,000 for the first violation in the following situations: Using a Third Party Agent or VisaNet Processor that has not been registered Using a Third Party Agent or VisaNet Processor that fails to comply with the VIOR. The schedule of fines is specified in the VIOR. Visa Public 9

10 5 Other Compliance Requirements 5.1 Visa Compliance Programs Depending on the Visa payment-related services the agent provides, Visa may require the agent to comply with one or more of Visa s compliance programs. The table below outlines the applicable Visa program and compliance standards per payment-related service. The compliance standards can be downloaded from Global Visa Online. Payment-related Service Process Verified by Visa passwords Any Agent that that stores, processes and/or transmits: - Visa Account Numbers - CVV, CVV2, icvv2 - Other cardholder data Processes PINs for Visa Transactions Instant Card Issuance personalization Warehousing, packaging, distribution of prepaid cards (Distribution Channel Vendors) Visa Program Compliance Access Control Server (ACS) Account Information Security Program (AIS) PIN Security Program Instant Card Issuance Program (ICIP) Approved Vendor Program (optional) 1 Applicable Security Standards PCI Data Security Standards 3-D Secure Security Requirements - Enrollment and Access Control Servers PCI Data Security Standards PCI PIN Security Standards Visa Global Instant Card Personalization Issuance Security Standards Visa Global Physical Security Validation Requirements for Data Preparation, Encryption Support and Fulfillment Card Vendors After registration, a Visa program manager will contact the Visa client to discuss compliance validation of the Agent. The Visa client is expected to complete the necessary due diligence of the Agent to ensure the Agent complies with the VIOR and the applicable security standards prior to Agent registration with Visa. 1 It is up to the Visa client and the Agent if they want the Agent to be enrolled and reviewed annually via the Visa Approved Vendor Program. Approved Vendor Program participation is not mandatory. Visa Public 10

11 6 Frequently Asked Questions Q: What is the Agent Registration Program? A: The Agent Registration Program is a Visa-mandated program enacted to ensure that Visa clients are in compliance with Visa Inc. Operating Regulations ( Visa rules ) and policies regarding their use of Agents. Q: What is a Third Party Agent or TPA? A: A Third Party Agent (also referred to as TPA ) is an entity, not directly connected to VisaNet, that provides payment-related services, directly or indirectly, to a Visa client (or their merchants) and/or stores, processes or transmits Visa account numbers. TPAs perform multiple functions on the issuing and acquiring side of a Visa client s business. Each function performed by the TPA must be registered by each Visa client that is utilizing those services. TPA functions that require registration are listed under item 1.3 of this guideline. Depending on the function the TPA performs, the TPA may be required to be approved under one or many of Visa s compliance programs. Visa clients will be notified by the individual program owner for further follow-up. Q: Why do I need to register agents? A: Visa wants to ensure that clients attest to having completed the required due diligence reviews, and that they are engaged with agents in a manner that is compliant with the VIOR. Q: Who needs to be registered? A: Agent registration is required for all entities performing solicitation activities and/or storing, processing or transmitting Visa account numbers for Visa clients (or on behalf of their merchants). Clients must register all agents regardless of whether the agent has registered directly with Visa via the Visa Global Registry of Service Provider program. Visa client may be assessed a fine per Agent for not registering an Agent. Q: Who can register agents? A: Only Visa clients can register agents (including any agents their merchants are utilizing). Visa Public 11

12 Q: How does a Visa client register an agent? A: Effective January 2012, Visa clients can register their agents via the VMM system, a web-based workflow tool, which will replace the current paper-based agent registration process, including the Exhibit 5E form. Q: How do I access VMM? A: 1. You must first be enrolled with a Visa Online (VOL) login ID. 2. Click the following link for access to Global Visa Online: o 3. You will need to register as a user of VMM as a Submitter or an Officer: o o Submitter an employee of the institution that generally is not an Officer. A Submitter is granted access in the system, to create (but not approve) cases in the system. The submitter submits the case to the Officer for approval before it is forwarded to Visa. Officer an employee of the institution who is granted access in the system, to submit and approve changes, additions and terminations. Generally, the Officer is the one who will forward the case to Visa. Every institution must designate at least one Officer. The submitter role is not compulsory. Q: Can I continue to use the current paper-based registration process, including the Exhibit 5E form? A: All clients are required to register agents using VMM. Registration request submitted using the Exhibit 5E form will be rejected, and clients will need to resubmit their registration using VMM. There is an exception for clients using another client VisaNet Processor acting as service provider to continue use of Exhibit 5E form to register the relationship. Q: How do I know my registration is accepted? A: Upon completion of the registration, a confirmation letter will arrive via to the Officer of the institution. Visa Public 12

13 Q: What is the Visa client s responsibility in relation to agents? A: Visa clients are responsible for their agents; therefore, a Visa client must perform its own due diligence and weigh the operational and financial risks of utilizing the Agent. Visa clients are responsible for ensuring that their agents comply with PCI DSS (where applicable) and Visa International Operating Regulations. Visa clients may be subject to fines and penalties for any agent found to be out of compliance with the PCI DSS or VIOR. Q: Prior to registering an agent, what due diligence must a Visa client perform? A: Visa provides a minimum due diligence standard that all Visa clients must perform prior to registering an agent. Visa s minimum standard includes basic background, financial and operational reviews. However, each Visa client is encouraged to increase the scope of review based on the agent business type, services performed, relative program risk, Visa account data held or processed and the individual Visa client s internal risk appetite and requirements. Q: Can a Visa client register an agent before the agent validates PCI DSS compliance? A: Yes, if the Visa client registers an agent prior to the agent validating compliance, the Agent must be contracted with an approved Qualified Security Assessor (QSA), or commit to completing a Self-Assessment Questionnaire (SAQ) and have an expected date of compliance. A list of QSAs can be found at Q: What does an agent have to do to get registered? A: To start the registration process, agents should contact their contracted Visa client. If the agent has a contract with a Visa client s merchant, the agent can pursue two avenues: 1) they can directly contact the merchant s Visa client (usually identified by asking the merchant for their acquiring/merchant bank contact information); or 2) Visa can facilitate the registration by contacting the merchant s Visa client on behalf of the agent. Also, the agent has the option to be listed in the Visa Global Registry of Service Providers if they are PCI DSS compliant and registered by at least one Visa client. The Registry is a listing of agents that provide payment-related services to Visa client banks and the merchants. It serves as a source of reference for Visa client banks and merchants when selecting agents for outsourcing Visa payment-related services. For more information, please visit Visa Public 13

14 7 References 7.1 Visa Global Registry of Service Provider Website For Global Visa Online access application For Payment Card Industry Data Security Standards (PCI DSS) Visa Risk Management website Contact For Agent Registration queries, please contact us at Visa Public 14

15 Glossary 3-D Secure Access Control Services (ACS) Account Number Acquirer Agent Application processing services ATM/POS terminal deployment services ATM/POS terminal maintenance services ATM transaction Processing services Attestation of Compliance (AOC) Authorization Provider of a software protocol that enables secure processing of Verified by Visa transactions over the Internet and other networks. The 16-digit number that appears on the front of all valid Visa cards. The number is one of the card security features that should be checked by merchants to ensure that a cardpresent transaction is valid. A member that signs a merchant or disburses currency to a Cardholder in a Cash Disbursement, and directly or indirectly enters the resulting Transaction Receipt into Interchange. An entity that acts as a VisaNet Processor (VNP), Third Party, or both. A Third Party that processes applications for Visa cards on behalf of the issuer. A Third Party that installs ATMs or POS terminals. A Third Party that performs maintenance of ATMs or POS terminals, both hardware and software. A Third Party that processes Visa transactions originating through ATMs. This document, which is maintained by the PCI SSC, denotes who the QSA was that completed the ROC and includes the services that are provided by the entity being reviewed. An office of the entity being reviewed signs this to confirm the accuracy of the ROC. A process where an issuer, a VisaNet Processor, or Stand- In Processing approves a Transaction. This includes: Domestic Authorization International Authorization Offline Authorization Visa Public 15

16 Authorization Center Cardholder Data Chargeback/exception item processing services Customer Service Data warehouse/capture services Distribution Channel Vendor Encryption Support Organization (ESO) Independent Sales Organization (ISO) Facilities established by members in-house or by third party processors to respond to merchants or other members requests for authorizations for transactions or cash disbursements. Data encoded in the card magnetic stripe such as cardholder name, card expiry date, CVV, etc. A Third Party that processes transactions that an Issuer returns to an Acquirer. A Third Party that provides support for cardholder or merchant queries. A Third Party that is a data warehouse that stores or processes cardholder data. An entity responsible for packaging, storage and shipping of pre-manufactured, commercially ready Visa Products (e.g. warehouses, wholesalers, card packagers, logistic companies). Pre-manufactured, commercially ready refers to non-personalized Visa products that have already been manufactured, encoded, and embossed/printed and are ready for sale or distribution to Cardholders. An entity that maintains a business relationship with a Plus/Interlink client that includes: Loading or injecting encryption keys into ATMs, terminals or PIN Pads and kiosks. Loading software into a terminal or ATM which will accept Visa branded cards. Merchant help desk support, including reprogramming of terminal software. Entities using vendor supplied Remote Key Distribution techniques must ensure that such vendors are registered with Visa as ESOs. An organization that has a direct relationship with issuing and/or acquiring clients. Clients contract with ISOs to provide specific services such as merchant solicitation, cardholder solicitation, customer service and card application processing ISOs act on behalf of Visa clients to deploy and/or service qualified ATMs, solicits other entities Visa Public 16

17 (i.e. merchant, corporate members, government entities etc.) to sell, activate or load prepaid cards. Issuer Instant Card Personalization A member that issues Visa Cards, Visa Electron Cards, or Proprietary Cards bearing the Plus Symbol, and whose name appears on the Card as the issuer (or, for Cards that do not identify the issuer, the member that enters into the contractual relationship with the Cardholder). The ability to instantly personalize Visa cards as the customer waits or to respond immediately to the request for an emergency replacement of a cardholder s lost or stolen card. Instant Card Issuance services Key management Loyalty program management A Third Party that performs instant card personalization and issuance for the issuer. The generation, transmission, storage, loading, safeguarding, use, and replacement of keys in a cryptography system. A Third Party that provides management services for a Visa Clients loyalty program and has access to cardholder data. Mail Order/ Telephone Order Merchant (MO/TO) Managed Services Merchant Merchant Agreement Business where the primary or a major source of income comes from merchandise or services sold by mail to telephone. Such transactions are frequently charged to customers payment card accounts. Services that are provided or facilitated by the CFS agent over centralized or hosted network environments to the franchisees such as property management systems, inventory control systems, menu distribution systems, etc A principal or entity entering into a card acceptance agreement with a Visa member financial institution. A contract between a merchant and an acquirer containing their respective rights, duties, and obligations for participation in the acquirer s Visa or Visa Electron Program. Visa Public 17

18 Merchant Servicer (MS) Merchant Training Services Payment Gateway Payment Facilitator (previously known as Payment Service Provider) An organization that stores, processes, or transmits Visa account numbers on behalf of the member s merchant. A Merchant Servicer has a contract with a client s merchant (although not necessarily with the client) and provides specific merchant services (e.g. online shopping carts, payment gateways, hosting facilities, data storage, and authorization and/or clearing and settlement messages). A Third Party who provides terminal, fraud, or card acceptance training for merchants. A system that provides electronic commerce services to merchants for the Authorization and Clearing of Electronic Commerce Transactions. An entity that stores, processes or transmits cardholder data and contracts with an Acquirer to provide payment services to a Sponsored Merchant. Includes all commerce type aggregation, including face-toface in addition to e-commerce merchant aggregation. Personal Identification Number (PIN) PIN transaction processing at POS Terminal Prepaid Card Prepaid solicitation, sales, activation, and/or loading Remittance Processing Risk reporting/control services Settlement A personal identification alpha or numeric code that identifies a cardholder in an Authorization Request originating at a terminal with Authorization-Only or Data Capture-Only Capability. A Third Party that processes Visa transactions containing PINs originating from Point-of-Sale (POS) terminals A card used to access funds in a Prepaid Account or a card where monetary value is stored on a Chip. A Third Party that distributes prepaid Visa cards to merchants or end sellers, provides prepaid activation or load services. A Third Party who processes money transfer transactions between one individual to another. A Third Party who provides transaction screening to identify risks or fraudulent transactions and has access to cardholder data. The reporting and transfer of Settlement Amounts owed by Visa Public 18

19 one Client to another, or to Visa, as a result of Clearing. Statement Processing and/or printing A Third Party who processes cardholder data for the purposes of printing cardholder statements or actually prints the statements. Solicitation A Third Party that solicits for new cardholders or merchants. Switching A Third Party that processes Visa transactions and routes the transactions from the merchant to the issuer of the card. Third Party A Third Party is a non-visa client that is not directly connected to VisaNet and provides payment-related services, directly or indirectly, to a Visa client. V.I.P. System VisaNet Integrated Payment System. The Online processing component of VisaNet. Visa Client An organization which is a client of Visa and which issues cards and/or signs merchants. VisaNet The systems and services, including the V.I.P. System, Visa Authorization, European Customized Services, and BASE II, through which Visa delivers Online Financial Processing, Authorization, Clearing, and Settlement services to members. VisaNet Processor (VNP) An entity that is directly connected to VisaNet and provides authorization, clearing, or settlement services to merchants and/or clients. Visa Public 19

Agent Registration. Program Guidelines. (For use in Asia Pacific, Central Europe, Middle East and Africa)

Agent Registration. Program Guidelines. (For use in Asia Pacific, Central Europe, Middle East and Africa) (For use in Asia Pacific, Central Europe, Middle East and Africa) January 2012 Contents 1 INTRODUCTION... 3 1.1 BACKGROUND... 3 1.2 PURPOSE OF DOCUMENT... 4 1.3 WHO NEEDS TO BE REGISTERED?... 5 1.4 WHY

More information

THIRD PARTY AGENT REGISTRATION PROGRAM

THIRD PARTY AGENT REGISTRATION PROGRAM THIRD PARTY AGENT REGISTRATION PROGRAM Frequently Asked Questions For the U.S., Canada and Latin America & Caribbean Regions General Information Q. What is the Third Party Agent Registration Program? A.

More information

Guide to Visa Inc. Agents

Guide to Visa Inc. Agents Guide to Visa Inc. Agents AGENT VisaNet Processor Third Party Agent Client Acquiring VNP PF HRIPSP DCC ESO Client VNP acting as Service Provider ISO DCV Third Party VNP ISO-Merchant ICPIA ISO-Cardholder

More information

Third Party Agent Registration Program Frequently Asked Questions

Third Party Agent Registration Program Frequently Asked Questions Third Party Agent Registration Program Frequently Asked Questions U.S., Canada and Latin America & Caribbean Regions General Information What is the Third Party Agent Registration Program? The Third Party

More information

Registry of Service Providers

Registry of Service Providers Registry of Service Providers Program Guide Contents 1 2 1.1 What is the Registry of Service Providers? 2 1.2 Who can register? 3 1.3 Why register with Visa? 3 1.4 Implications for Visa Clients 4 2 5 2.1

More information

Guide to Visa Inc. Agents

Guide to Visa Inc. Agents Guide to Visa Inc. Agents AGENT VisaNet Processor Third Party Agent PF DCC Client Acquiring VNP HRIPF ESO Client VNP acting as Service Provider ISO-Merchant ISO DCV ICPIA Third Party VNP ISO-Cardholder

More information

Third Party Agent (TPA) Registration Program - TPA Types and Functional Descriptions

Third Party Agent (TPA) Registration Program - TPA Types and Functional Descriptions Third Party Agent (TPA) Registration Program - TPA Types and Functional Descriptions Independent Sales Organizations (ISO) ISO Merchant (ISO M) Conducts merchant account or transaction processing solicitation,

More information

Third Party Agent Registration and PCI DSS Compliance Validation Guide

Third Party Agent Registration and PCI DSS Compliance Validation Guide Visa Europe Third Party Agent Registration and PCI DSS Compliance Validation Guide May 2016 Version 1.3 Visa Europe 2015 Contents 1 Introduction... 4 1.1 Definitions of Agents... 4 2 Registration Process...

More information

Registration and PCI DSS compliance validation

Registration and PCI DSS compliance validation Visa Europe A Guide for Third Party Agents Registration and PCI DSS compliance validation October 2015 Version 1.1 Visa Europe 2015 Contents 1 Introduction... 4 1.1 Definitions of Agents... 4 2 Registration

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

University Policy Accepting Credit Cards to Conduct University Business

University Policy Accepting Credit Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance

More information

Your Compliance Classification Level and What it Means

Your Compliance Classification Level and What it Means General Information What are the Payment Card Industry (PCI) Data Security Standards? The PCI Data Security Standards represents a common set of industry tools and measurements to help ensure the safe

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers For use with PCI DSS Version 3.1 Revision 1.1 July 2015 Section 1: Assessment

More information

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced Version 3.0 February

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

Frequently Asked Questions

Frequently Asked Questions I ccount Information System (IS) Program Frequently sked Questions Q What is IS? ccount Information Security, or IS, is a Risk Management program by Visa aimed to protect account and/or transaction information

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

Visa MasterCard Registration Procedures

Visa MasterCard Registration Procedures Effective May Visa Term Definition Registration Requirements Forms Initial Registration Annual Renewal An organization or individual, which is not a Member, whose *Enhanced /Service Provider bankcard-related

More information

A Compliance Overview for the Payment Card Industry (PCI)

A Compliance Overview for the Payment Card Industry (PCI) A Compliance Overview for the Payment Card Industry (PCI) Many organizations are aware of the Payment Card Industry (PCI) and PCI compliance but are unsure if they are doing everything necessary. This

More information

Global PCI DSS Framework. Emöke Bitter Business Leader, Risk Management 26 February 2009

Global PCI DSS Framework. Emöke Bitter Business Leader, Risk Management 26 February 2009 Global PCI DSS Framework Emöke Bitter Business Leader, Risk Management 26 February 2009 Agenda Introduction Merchants Service Providers Registry of Service Providers Payment Applications Resources Information

More information

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)

More information

Visa PIN Security Program Webinar May 2015. Alan Low PIN Risk Representative AP and CEMEA. Visa Public

Visa PIN Security Program Webinar May 2015. Alan Low PIN Risk Representative AP and CEMEA. Visa Public Visa PIN Security Program Webinar May 2015 Alan Low PIN Risk Representative AP and CEMEA Disclaimer The information or recommendations contained herein are provided "AS IS" and are intended to be information

More information

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

University Policy Accepting and Handling Payment Cards to Conduct University Business

University Policy Accepting and Handling Payment Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy

More information

Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers Attestation of Compliance Service Providers Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 2.0 October 2010 Instructions for

More information

Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance

Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Compliant? Bank Name

More information

Account Information Security. Merchant Guide

Account Information Security. Merchant Guide Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer

More information

Merchant Service Group, LLC Compliance Q & A

Merchant Service Group, LLC Compliance Q & A GENERAL ISO INFORMATION 1. What name(s) can an ISO use when selling? * ISO can only solicit using their corporate or DBA name that has been registered and approved with the Associations. * All additional

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other SAQ-Eligible Merchants and Service Providers Version 2.0 October 2010 Document

More information

PCI DSS Compliance. 2015 Information Pack for Merchants

PCI DSS Compliance. 2015 Information Pack for Merchants PCI DSS Compliance 2015 Information Pack for Merchants This pack contains general information regarding PCI DSS compliance and does not take into account your business' particular requirements. ANZ recommends

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards The payment card industry data security standard PCI DSS Visa and MasterCard have developed the Payment Card Industry Data Security Standard or PCI DSS as

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals Electronic Cardholder

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 1.1 February 2008 Table of Contents About this Document... 1 PCI Data Security Standard

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

D. DFA: Mississippi Department of Finance and Administration.

D. DFA: Mississippi Department of Finance and Administration. MISSISSIPPI DEPARTMENT OF FINANCE AND ADMINISTRATION ADMINISTRATIVE RULE PAYMENTS BY CREDIT CARD, CHARGE CARD, DEBIT CARDS OR OTHER FORMS OF ELECTRONIC PAYMENT OF AMOUNTS OWED TO STATE AGENCIES The Department

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

Frequently Asked Questions

Frequently Asked Questions Contents CISP Program Overview... 2 1. To whom does CISP apply?...2 2. What does VISA define as "cardholder data"?...2 3. What if a merchant or service provider does not store Visa cardholder data?...2

More information

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0 Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire C-VT Version 2.0 October 2010 Attestation of Compliance, SAQ C-VT Instructions for Submission

More information

mobile payment acceptance Solutions Visa security best practices version 3.0

mobile payment acceptance Solutions Visa security best practices version 3.0 mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid

More information

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating Given recent payment data breaches, clients are increasingly demanding robust security and fraud solutions; and Financial institutions continue to outsource and leverage technology providers given their

More information

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program MERCHANTS Can Level 1 merchants currently use internal auditors to perform an onsite assessment? Yes. However, after June 30,

More information

This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected

This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected officials, administrative officials and business managers.

More information

VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS)

VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS) VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS) Q1: What is the purpose of the AIS programme? Q2: What exactly is the Payment Card Industry (PCI) Data Security

More information

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009 AIS Webinar Payment Application Security Hap Huynh Business Leader Visa Inc. 1 April 2009 1 Agenda Security Environment Payment Application Security Overview Questions and Comments Payment Application

More information

Securing The Data. Payment System Forum Bank Negara Malaysia. 27 th November 2014. Murugesh Krishnan Head of Risk, South & Southeast Asia

Securing The Data. Payment System Forum Bank Negara Malaysia. 27 th November 2014. Murugesh Krishnan Head of Risk, South & Southeast Asia Securing The Data Payment System Forum Bank Negara Malaysia 27 th November 2014 Murugesh Krishnan Head of Risk, South & Southeast Asia Disclaimer Case studies, statistics, research and recommendations

More information

Introduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m.

Introduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m. Introduction to PCI DSS Compliance May 18, 2009 1:15 p.m. 2:15 p.m. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of

More information

Third Party Risk Management Basics. Webinar. 26 February 2015

Third Party Risk Management Basics. Webinar. 26 February 2015 Third Party Risk Management Basics Webinar 26 February 2015 Stan Hui Payment System Security Oscar Munoz Third Party Risk Roxanne Baumann Third Party Risk Disclaimer The information or recommendations

More information

Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers Attestation of Compliance Service Providers Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 2.0 October 2010 Instructions for

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

PCI Compliance: How to ensure customer cardholder data is handled with care

PCI Compliance: How to ensure customer cardholder data is handled with care PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4

More information

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines? Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain

More information

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN PCI Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information

More information

AISA Sydney 15 th April 2009

AISA Sydney 15 th April 2009 AISA Sydney 15 th April 2009 Where PCI stands today: Who needs to do What, by When Presented by: David Light Sense of Security Pty Ltd Agenda Overview of PCI DSS Compliance requirements What & When Risks

More information

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

WHITE PAPER. PCI Basics: What it Takes to Be Compliant WHITE PAPER PCI Basics: What it Takes to Be Compliant Introduction A long-running worldwide advertising campaign by Visa states that the card is accepted everywhere you want to be. Unfortunately, and through

More information

GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY

GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY Acquiring Bank The bank or financial institution that accepts credit and/or debit card payments for products or services on behalf

More information

It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.

It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council. PCI FAQ And MYTHS FREQUENTLY ASKED QUESTIONS (FAQ): Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process,

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Payment Card Industry Data Security Standard Abhinav Goyal, B.E.(Computer Science) MBA Finance Final Trimester Welingkar Institute of Management ISACA Bangalore chapter 13 th February 2010 Credit Card

More information

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level. Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain

More information

UW Platteville Credit Card Handling Policy

UW Platteville Credit Card Handling Policy UW Platteville Credit Card Handling Policy Issued: December 2011 Revision History: November 7, 2013; July 11, 2014; November 1, 2014; August 24, 2015 Overview: In order for UW Platteville to accept credit

More information

Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers Attestation of Compliance Service Providers Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 2.0 October 2010 Instructions for

More information

Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers Attestation of Compliance Service Providers Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 2.0 October 2010 Instructions for

More information

Why Is Compliance with PCI DSS Important?

Why Is Compliance with PCI DSS Important? Why Is Compliance with PCI DSS Important? The members of PCI Security Standards Council (American Express, Discover, JCB, MasterCard, and Visa) continually monitor cases of account data compromise. These

More information

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program MERCHANTS Can Level 1 merchants currently use internal auditors to perform an onsite assessment? Yes. However, after June 30,

More information

Information Technology

Information Technology Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing

More information

Office of Finance and Treasury

Office of Finance and Treasury Office of Finance and Treasury How to Accept & Process Credit and Debit Card Transactions Procedure Related Policy Title Credit Card Processing Policy For University Merchant Locations Responsible Executive

More information

What To Do if Compromised. Visa USA Fraud Investigations and Incident Management Procedures

What To Do if Compromised. Visa USA Fraud Investigations and Incident Management Procedures What To Do if Compromised Visa USA Fraud Investigations and Incident Management Procedures Table of Contents Introduction......................................................... 1 Security Breach Reporting............................................

More information

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina ricklambert@sc.

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina ricklambert@sc. PCI Compliance at The University of South Carolina Failure is not an option Rick Lambert PMP University of South Carolina ricklambert@sc.edu Payment Card Industry Data Security Standard (PCI DSS) Who Must

More information

To ensure independence, PSC does not represent, resell or receive commissions from any third party hardware, software or solutions vendors.

To ensure independence, PSC does not represent, resell or receive commissions from any third party hardware, software or solutions vendors. About PSC With offices in the USA, Canada, UK and Australia, PSC is a leading PCI, PA DSS, and P2PE assessor, PCI Forensics Company and Approved Scanning Vendor. PSC is one of an elite few companies qualified

More information

Visa Prepaid Issuer Risk Program Standards Guide

Visa Prepaid Issuer Risk Program Standards Guide Visa Prepaid Issuer Risk Program Standards Guide Visa Supplemental Requirements 24 April 2015 Visa Public Important Information on Confidentiality and Copyright 2007-2015 Visa. All Rights Reserved. Notice:

More information

Steps for staying PCI DSS compliant Visa Account Information Security Guide October 2009

Steps for staying PCI DSS compliant Visa Account Information Security Guide October 2009 Steps for staying PCI DSS compliant Visa Account Information Security Guide October 2009 The guide describes how you can make sure your business does not store sensitive cardholder data Contents 1 Contents

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

1/18/10. Walt Conway. PCI DSS in Context. Some History The Digital Dozen Key Players Cardholder Data Outsourcing Conclusions. PCI in Higher Education

1/18/10. Walt Conway. PCI DSS in Context. Some History The Digital Dozen Key Players Cardholder Data Outsourcing Conclusions. PCI in Higher Education PCI in Higher Education Walter Conway, QSA 403 Labs, LLC Walt Conway PCI consultant, blogger, trainer, speaker, author Former Visa VP Help schools become PCI compliant Represent Higher Education at PCI

More information

Credit Card Processing Overview

Credit Card Processing Overview CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

What To Do if Compromised. Visa USA Fraud Investigations and Incident Management Procedures

What To Do if Compromised. Visa USA Fraud Investigations and Incident Management Procedures What To Do if Compromised Visa USA Fraud Investigations and Incident Management Procedures Table of Contents Introduction......................................................... 1 Identifying and Detecting

More information

Section 1: Assessment Information

Section 1: Assessment Information Section 1: Assessment Information Instructions for Submission This document must be completed as a declaration of the results of the service provider s self-assessment with the Payment Card Industry Data

More information

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) What is PCI DSS? The 12 Requirements Becoming compliant with SaferPayments Understanding the jargon SaferPayments Be smart.

More information

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions PCI/PA-DSS FAQs Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions What is PCI DSS? The Payment Card Industry Data

More information

Payment Security teleconference

Payment Security teleconference Payment Security teleconference PCI DSS Compliance Validation Options 27 th March 2014 Michael Christodoulides and Louise Hunt All information correct at time of presentation Introduction Barclaycard has

More information

POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants

POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101 DIVISION: Finance & Administration TITLE: Policy & Procedures for Credit Card Merchants DATE: October 24, 2011 Authorized by: K. Ann Mead, VP for Finance & Administration

More information

Project Title slide Project: PCI. Are You At Risk?

Project Title slide Project: PCI. Are You At Risk? Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

Important Info for Youth Sports Associations

Important Info for Youth Sports Associations Important Info for Youth Sports Associations What the Heck is PCI DSS and Why Should I Care? Joe Posey Terrapin Financial Services Your Club is an ecommerce Business You accept online registration over

More information

PCI DSS and SSC what are these?

PCI DSS and SSC what are these? PCI DSS and SSC what are these? What does PCI DSS mean? PCI DSS is the English acronym for Payment Card Industry Data Security Standard. What is the PCI DSS programme? The bank card data, which are the

More information

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS: Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal

More information

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW David Kittle Chief Information Officer Chris Ditmarsch Network & Security Administrator Smoker Friendly International / The Cigarette Store Corp

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

PCI Compliance. What is New in Payment Card Industry Compliance Standards. October 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP

PCI Compliance. What is New in Payment Card Industry Compliance Standards. October 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP cliftonlarsonallen.com PCI Compliance What is New in Payment Card Industry Compliance Standards October 2015 Overview PCI DSS In the beginning Each major card brand had its own separate criteria for implementing

More information

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP 2015 CliftonLarsonAllen LLP PCI Compliance How to Meet Payment Card Industry Compliance Standards May 2015 cliftonlarsonallen.com Overview PCI DSS In the beginning Each major card brand had its own separate

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 2.0 October 2010 Document Changes Date Version Description October 1, 2008 1.2 October

More information

PAI Secure Program Guide

PAI Secure Program Guide PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you

More information

Merchant guide to PCI DSS

Merchant guide to PCI DSS Merchant guide to PCI DSS Contents What is PCI DSS and why was it introduced?... 3 Who needs to become PCI DSS compliant?... 3 BOIPA Simple PCI DSS - 3 step approach to helping businesses... 3 What does

More information

The Comprehensive, Yet Concise Guide to Credit Card Processing

The Comprehensive, Yet Concise Guide to Credit Card Processing The Comprehensive, Yet Concise Guide to Credit Card Processing Written by David Rodwell CreditCardProcessing.net Terms of Use This ebook was created to provide educational information regarding payment

More information