SAN DIEGO STATE UNIVERSITY RESEARCH FOUNDATION CREDIT CARD PROCESSING & SECURITY POLICY MERCHANT SERVICES POLICIES & PROCEDURES
|
|
- Claud Cox
- 5 years ago
- Views:
Transcription
1 SAN DIEGO STATE UNIVERSITY RESEARCH FOUNDATION CREDIT CARD PROCESSING & SECURITY POLICY MERCHANT SERVICES POLICIES & PROCEDURES POLICY STATEMENT Introduction Some San Diego State University Research Foundation (SDSURF) projects accept donations or payments for goods or services such as application and registration fees and have been set-up with credit card merchant accounts. Projects accept payments through point of sale (POS) terminals or have agreements with third-party processors to provide payment gateway services that allow customers to make purchases on-line via the internet. The ability to accept credit card payments comes with risk and the responsibility to protect sensitive cardholder data. SDSURF projects that participate in card processing activities (merchants) are required to follow strict procedures to protect customers credit card data. The credit card companies (including Visa, MasterCard, Discoverer, and American Express) have developed standards that all credit card merchants must follow called Payment Card Industry Data Security Standards (PCI DSS). In addition, all projects utilizing merchant accounts must also adhere to the ICSUAM Credit Card Payment Policy, San Diego State University Information Security Plan and the San Diego State University Research Foundation Merchant Services Policies and Procedures. Failure of merchants to comply with these standards and guidelines and otherwise adequately protect sensitive cardholder information will result in the suspension of merchant privileges. In addition, fines may be imposed by the affected credit card company, ranging from $5,000- $50,000 per violation, per month out of compliance, per credit card company. Program Requirements All projects shall adhere to appropriate standards for credit card merchant services including training, outsourcing agreements with third-party providers, data and system security, PCI compliance, cost responsibility, and fiscal responsibility. The following program requirements are intended to ensure credit card payments made to SDSURF projects are processed in a secure manner, in compliance with industry PCI DSS standards, applicable federal and state legislation and CSU, SDSU and SDSURF policies and procedures. 1. All card processing activities of SDSURF projects will be conducted through merchant accounts obtained through the Merchant Account Acquisition Procedure. Merchant accounts will be issued only to particular SDSURF funds for a specific use. Accounts operated by parties other than the approved entity or for a purpose other than that approved may be rescinded without notice. 2. In no case should cardholder data be processed, stored or transmitted using any device on SDSU or SDSURF networks without explicit prior approval from the appropriate SDSU and SDSURF authorities. 1 P a g e
2 Scope 3. Transactions must be completed on approved, secure, fully hosted third party payment processing services. Projects will not use the services of any bank, corporation, entity or person other than the third party that SDSURF has contracted with for authorization or processing of credit card transactions, unless otherwise approved by the SDSURF CFO or Director of Finance & Accounting. 4. All service providers must be approved by SDSURF in advance and must be certified PCI DSS compliant and certified by Visa and MasterCard to accept credit card transactions securely over the internet. 5. All application providers must be approved by SDSURF and/or SDSU in advance and must be certified as PPA-DSS (Payment Application Data Security Standards) compliant. 6. All third parties with access to cardholder data shall be required to contractually acknowledge responsibility for the security of cardholder data in their possession and be contractually required to adhere to PCI DSS compliance, including an annual validation of compliance through methods authorized by a PCI certified Quality Security Assessor. See Appendix A for sample contract language. 7. All card processing activities and payment technologies used by SDSURF projects must comply with the Payment Card Industry Data Security Standards (PCI DSS) and Payment Application Data Security Standards (PA-DSS). No activity or technology may obstruct compliance with the PCI DSS. All projects processing credit card transactions will participate in an annual PCI risk assessment. 8. All projects that receive or expect to receive credit card payments must also comply with the San Diego State University Information Security Policy and the SDSURF Merchant Services Policies & Procedures. 9. Projects may accept only those credit card brands authorized by SDSURF and agree to operate in accordance with the contract(s) SDSURF holds with its Service Provider(s) and Card Issuers. Project PIs/Project Directors are responsible for ensuring that all transactions are in compliance with third party operating guides and credit card processing contracts regarding security and privacy. 10. Exceptions to this policy may be granted only after a written request from the project has been reviewed and approved by the CFO or Director of Finance & Accounting. This policy applies to all faculty, staff, students, organizations and individuals who, on behalf of SDSURF projects, handle electronic or paper documents associated with credit or debit card receipt transactions or accept payments in the form of credit or debit cards. The scope includes any credit or debit card activities conducted at all locations. PROCEDURES This manual explains policies, procedures, and best practices relative to the use of merchant card services. This manual informs everyone involved in payment card processes of their responsibility to establish and maintain proper internal controls ensuring responsible payment processing. Everyone involved with use, administration, and oversight of payment card transactions and processing is responsible for ensuring that periodic updates to this manual are reviewed. 2 P a g e
3 Merchant Responsibilities: PIs/Project Directors who accept credit card payments to their foundation funds are responsible for safeguarding the confidentiality of sensitive data and personal information relating to the sale or purchase of goods and services and for ensuring compliance with information privacy legislation and with University and Research Foundation policies on information privacy. Safeguards and responsibilities include, but are not limited to the following: Protection of cardholder data Do not store credit card information (full account number, type, expiration date, track data, etc.) on any computer or electronic device (desktop, laptop, database, spreadsheet, images, USB drive, disk, network, pda, etc.). Do not transmit cardholder data via . Credit card information should not be faxed. Procedures for faxing payments must be reviewed and approved by the Director of Finance and Accounting or CFO and the appropriate campus authority. Store only essential information. Avoid the retention of paper records containing complete credit card numbers. If, for business reasons, you must store full card numbers then do so for no longer than is required by the credit card companies. Mark these records as Confidential. Transmissions of sensitive cardholder data must be encrypted through the use of SSL. Securely dispose of sensitive cardholder data when it is no longer needed. Do not store the full contents of any track from the magnetic stripe, the card-validation code (the three digit value printed on the signature panel of a card) or personal identification number, PIN, information in any manner. Mask all but the last four digits of the account number when displaying cardholder data. Restricted access to cardholder data Restrict access to card account numbers to users on a need-to-know basis. Access must be limited to employees of SDSU or SDSURF who have a signed Confidentiality Agreement on file with the appropriate Human Resources department. Maintain an updated list of employees who have access to credit card information. The list should contain the following columns: Last Name, First Name, RedID, Position/Title, Cardholder Data Accessible, and Format. Include a brief justification linking access to the sensitive information to the employee s job. Protect cardholder data from unauthorized access. Physically secure paper records containing full or partial credit card numbers in locked cabinets or offices with adequate key control. Wherever possible, storage areas should be protected against destruction or potential damage from physical hazards, like fire or flood. Equipment and media containing cardholder data must be physically protected against unauthorized access. 3 P a g e
4 4 P a g e Cardholder data must be deleted or destroyed before it is physically disposed (e.g. by shredding paper, and degaussing media.) Proper procedures for the distribution and disposal of any media containing cardholder data must be followed. Point of Sale (POS) Terminal Protections from Tampering and Substitution San Diego State University Research Foundation and projects processing credit card transactions through swipe terminals are required to maintain an up-to-date inventory of all point of sale (POS) swipe terminals that capture payment card data. The projects will be responsible of protecting card present processing terminals from tampering or substitution. All point of sale (POS) terminals must be tracked and monitored on an ongoing basis to look for tampering or substitution (e.g., altered seals or screws, wiring, holes in the device, materials used to mask damage from tampering). A list must be maintained of all POS terminals that capture payment card data, for which the list is to include the following: Make, model, unique identifier, and location of device. Ensure that the list of terminals is updated when terminals are added, relocated, decommissioned. Physically secure all terminals that capture payment card data. Wireless credit card processing terminals must be stored securely in a locked area when not in use. Cashiers must perform a daily visual inspection of terminals that capture payment card data. PIs/ Project Directors for programs approved as merchants shall ensure that all employees responsible for systems and procedures related to credit card transactions processed through POS terminals have completed an annual training on POS equipment tampering prevention and awareness. Verify the identity of any third-party claiming to be repair or maintenance personnel prior to granting them access to modify or troubleshoot devices. Not install, replace or return devices without verification. Be aware of suspicious behavior around devices. Report suspicious behavior and indications of device tampering or substitution to appropriate personnel. Training Responsibilities & Security Awareness PIs/Project Directors for programs approved as merchants shall ensure that all employees responsible for systems or procedures related to credit card transactions and cardholder data have completed mandated Security Awareness Training annually. To enroll in training, contact the Merchant Services Coordinator at PIs/Project Directors are responsible for providing necessary training to employees to ensure staff members adhere to policies and procedures related to credit card merchant services and information security.
5 Data and System Security Cardholder data must not be processed or stored on any SDSU/SDSURF system without explicit approval. All systems must be secured and managed in compliance with the SDSU Information Security Plan. Cost Responsibility The project is responsible for all fees associated with use of a merchant account, including but not limited to equipment fees, supply costs, processing fees, dedicated phone lines and all costs related to maintaining PCI-DSS compliance. The project is also responsible for any fines and penalties resulting from noncompliance with PCI DSS standards, federal and state legislation, and University and Research Foundation policies. Fees will be assessed to the FOAP designated on the Merchant Site Request Form. Fiscal Responsibility Projects that provide credit card merchant services are responsible for adhering to internal control standards for the safeguarding of receipts and data, the proper deposit and posting of receipts, and the reconciliation of receipts. PCI DSS Compliance The PI/Project Director is responsible for compliance with PCI DSS standards. At least annually, the PI/Project Director must complete the appropriate PCI Security Standards Council Self-Assessment Questionnaire (SAQ) in its entirety, including the Attestation of Compliance. Completed forms should be submitted to the Merchant Services Coordinator, MC If users are redirected to a third-party processing site from a project website then PCI DSS requires quarterly vulnerability scans by a PCI SSC Approved Scanning Vendor (ASV) for all externally facing IP addresses. Evidence of a passing scan from the ASV must be attached to the PCI Security Standards Council Self-Assessment Questionnaire (SAQ). Scans will be coordinated by the SDSU Technology Security Officer. Loss or Theft of Account Information Incident Response A merchant must immediately report to SDSURF and University the suspected or confirmed loss or theft of any material or records that contain cardholder data. Failure to immediately notify the proper authorities will put the merchant at risk of steep penalties for each incident. Merchants are subject to fines by each of the impacted credit card brands. In the event that transaction data is accessed or retrieved by any unauthorized entity, notify the SDSURF CFO, Director of Finance & Accounting or Merchant Services Coordinator immediately. SDSURF will notify the merchant bank, card processor and SDSU ITSO to coordinate the incident response program. Merchant Approval Upon written approval and agreement with and adherence to published policies and procedures, San Diego State University Research Foundation (SDSURF) projects may accept VISA, MasterCard, Discoverer or American Express, and debit cards with a VISA or MasterCard logo as a form of payment for goods and services. 5 P a g e
6 All projects interested in accepting credit card payments to Research Foundation funds, either via the web or in person using a terminal, must complete the Merchant Account Survey/Request Form and submit to the Merchant Services Coordinator in Finance & Accounting. The requestor must be a PI/Project Director with budget and signature authority on funds administered by SDSURF. The Chief Financial Officer or Director of Finance & Accounting shall review and approve all credit card processing activities associated with SDSURF funds. Merchants must contact Finance & Accounting in the event that they will be making any changes to their method of processing after the merchant has been initially set up. Examples include changing from terminal based processing to processing through PC software, through a website, terminals built into cash registers, touch tone phone authorization, or processing through a lock box. Finance & Accounting must approve all such changes. Merchant Account Set-Up Requests Card Swipe/Point of Sale (POS) Terminals Payment Processing Service SDSURF has an agreement with Elavon to provide merchant card payment processing services. All SDSURF projects should utilize Elavon. Projects may request an exemption from this requirement by providing a business case justifying an alternate vendor or process to the Merchant Services Coordinator in Finance & Accounting, MC Projects shall not enter into an outsourcing agreement with a third-party provider, including software applications for credit card processing, until the business case is approved has been approved by the Director of Finance & Accounting or Chief Financial Officer. Point of Sale Swipe Terminals For non internet transactions, a point of sale (POS) swipe terminal with printer and a dedicated phone line are required. Each merchant is responsible for the installation and cost of their dedicated phone line. The purchase price, programming fees and supply costs for terminals is billed directly to the merchant through their Elavon monthly invoice and charged to the RF fund identified on the Merchant Site Request Form. All POS terminals must be PCI DSS compliant and be pre-approved by Elavon and SDSURF. Prior to replacing a POS terminal, contact the Merchant Services Coordinator to ensure that a qualified terminal is purchased. Point of Sale Computer Terminal (Virtual Terminal) Elavon endorses the use of Virtual Merchant for terminal POS services. The use of the application and configuration and maintenance of terminals must be compliant with the PCI Data Security Standard and its use must be approved by SDSURF and Elavon. 1. Complete a Merchant Account Survey/Request Form. 2. Submit completed form to the Merchant Services Coordinator, SDSURF Finance & Accounting, MC The request form will be reviewed and the appropriate services determined. 4. Once approved, the information will be forwarded to Elavon, who will process the request and issue a merchant id number. 6 P a g e
7 5. Elavon will mail a new merchant welcome kit and contact the merchant directly to walk designated project personnel through the process of setting up the terminal and coordinating training. 6. PI/Project Director must demonstrate PCI DSS compliance by completing the appropriate PCI DSS SAQ and sign the attestation to validation prior to acceptance of any payment transactions. Merchant Account Set-Up Requests Internet Transactions On occasion, there may be a valid business case for a project to accept credit card payments via the internet. At no time should projects process, store or transmit credit card data on any network. Instead, transactions must be completed on approved, secure, fully hosted third party payment processing service. The cardholder data must be entered directly in the Service Provider s site. Customers must be re-directed from a project website using a link to an approved 3 rd party service provider site. Projects shall not enter into an outsourcing agreement with a third-party provider, including software applications for credit card processing, until the business case is approved. Third party processors must PCI DSS compliant, approved by Visa and MasterCard to accept credit card transaction securely over the internet, pre-approved by Elavon and Union Bank, and approved by SDSURF. All third parties with access to cardholder data shall be required to acknowledge responsibility for the security of cardholder data in their possession and be contractually required to adhere to PCI DSS compliance, including an annual validation of compliance through methods authorized by a PCI certified Quality Security Assessor. If an internet application will be utilized, approval from the appropriate network administrator will also be required. 1. Complete a Merchant Account Survey/Request Form. 2. Submit completed form to the Merchant Services Coordinator, SDSURF Finance & Accounting, MC The request form will be reviewed and the appropriate services determined. 4. Once approved, the information will be forwarded to Elavon, who will process the request and issue a merchant id number. 5. Elavon will mail a new merchant welcome kit and contact the merchant directly to walk designated project personnel through the process of setting up the connection to the payment gateway service and coordinating training. 6. PI/Project Director must demonstrate PCI DSS compliance by completing the appropriate PCI DSS SAQ, obtain a certificate of validation of a clean network scan, and sign the attestation to validation prior to acceptance of any payment transactions. One-Time/Infrequent Events On occasion, projects may be interested in accepting payments for one-time or infrequent events, such as conference registration or fundraising events. In these cases, it is not practical to set the project up with a merchant account. However, SDSURF maintains a merchant account that can be utilized by authorized projects on a temporary, as-needed basis. A wireless terminal will be temporarily provided to the project for payment processing. 7 P a g e
8 1. Complete a Merchant Account Survey/Request Form. 2. Submit completed form to the Merchant Services Coordinator, SDSURF Finance & Accounting, MC The request form will be reviewed and the appropriate services determined. 4. Attend training 5. Check out wireless POS terminal 6. Check in wireless POS terminal, batch receipts and cash receipts 7. PI/Project Director must demonstrate PCI DSS compliance by completing the appropriate PCI DSS SAQ, obtain a certificate of validation of a clean network scan, and sign the attestation to validation prior to acceptance of any payment transactions. Mail Order, Telephone Order Transactions Credit card transactions must include the following: cardholder name, card number and expiration date, description of merchandise or services provided, transaction date, and authorized signature. The project assumes all risks associated with accepting mail order, telephone order, and delayed delivery, including, but not limited to, fraudulent sales transactions. As stated in the PCI standards, credit card numbers, expiration dates and any other cardholder information must be housed in a secure and limited access environment. Do not store credit card information in e- mail, on local desktop/laptop computers or shared network devices. Credit card numbers should be destroyed after the completion of services provided. Processing Payments All face-to-face transactions should have the payment card present and obtain a signature. Compare signatures and check for ID where possible and feasible. Always verify that the card is valid and signed. Verify the expiration date. Charge cards shall be accepted for no more than the amount of purchase. The customer receives the copy of the sales draft that has only four (4) digits on the credit card number. The department retains the other copy and must securely store these drafts. Credit card numbers should not be sent via or fax. Credit card numbers should not be entered on a computer or electronic device other than the POS terminal. If transmitting transactions using a terminal, settle the transactions daily. This settlement process is called batching out. Merchants should not, under any circumstances, pay any card refund or adjustment to a cardholder in cash. Merchants are required, in good faith, to maintain a fair policy for the exchange and return of merchandise and for resolving disputes over merchandise and/or services purchased with a payment card. If a transaction is for non-returnable, non-refundable 8 P a g e
9 merchandise, this must be indicated on all copies of the sales draft before the cardholder signs it. A copy of your return policy must be displayed in public view. Merchants are prohibited from engaging in mail/telephone order transactions unless it was indicated on the original application/sales agreement that you accepted or planned to accept such transactions or you have received subsequent written approval to do so from Finance & Accounting. Cash Receipts Settlement for merchant card services is done through Union Bank. Projects should close out batches of charges daily and prepare a SDSURF Cash Receipt form for the amount of the batch. Cash receipts should be delivered in a timely manner to the cashier s office for processing. All cash receipts for batches processed in a month are due to the cashier s office no later than the second business day of the following month. Note: No cardholder data should be attached to the cash receipts. Batch receipts should be attached to the cash receipt. Batch receipts that include card numbers should have all but the last four digits masked. Chargebacks and Disputes Merchants shall review and resolve any disputes between the customer and their credit card merchant account in a timely manner. Reconciliation Procedures All merchant services are settled through Union Bank and deposited in an account designated for merchant card services (Bank 15). Detailed statements are available on-line via Elavon s Merchant Connect tool for most merchant accounts. Summary (batch settlement) are available on-line at month end via Union Bank. In cases where the project has contracted with a thirdparty vendor other than Elavon (KPBS Global Payments, etc.), a lump sum ACH payment is received by Union Bank, detailed statements are not available. The merchant account bank statement is reconciled with cash receipts on a monthly basis. 9 P a g e
10 DEFINITIONS: Cardholder The customer to whom a credit card or debit card has been issued or the individual authorized to use the card. Cardholder data All personally identifiable data about the cardholder gathered as a direct result of a credit or debit card transaction (e.g. account number, expiration date, etc.). Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration data, name, address, social security number, Card Validation Code, or CID Card Identification Number. Card-validation code The three-digit value printed on the signature panel of a payment card used to verify card-not-present transactions. On a MasterCard payment card this is called CVC2. On a Visa payment card this is called CVV2. Credit or Debit Card Receipt Transactions Any collection of cardholder data to be used in a financial transaction whether by facsimile, paper, card presentation or electronic means. Credit Card Processor A third party vendor who processes credit card transactions, routes payments to a merchant s account, charges discount and adjustment fees and generates statements. Database A structured electronic format for organizing and maintaining information that can be easily retrieved. Simple examples of databases are tables or spreadsheets. Electronic Commerce (ecommerce) is the termed used to define business transactions conducted using an electronic medium. Encryption The process of converting information into a form unintelligible to anyone except the holders of a specific cryptographic key. Use of encryption protects information from unauthorized disclosure between the encryption process and the decryption process. Firewall Hardware and/or software that protect the resources of one network from users from other networks. Typically, an enterprise with an intranet that allows it workers access to the wider Internet must have a firewall to prevent outsiders from accessing its own private data resources. Magnetic Stripe Data (Track Data) Data encoded in the magnetic stripe used for authorization during a card present transaction. Magnetic stripe or magstripe data contains the cardholder name, account number, encrypted PIN, and other discretionary data. Merchant Any Project/Organization that participates in card processing activities. Merchant Account An account established by contractual agreement between a merchant/business and a bank or payment gateway. Merchant Card Coordinator (Lerma Alejandro) Position that serves as the interface between the merchant bank and merchants. Provides support, training, and general services to merchants in all areas relating to payment card processing (e.g. reconciliations, disputes, compliance). Network A network is defined as two or more computers connected to each other so they can share resources. Online Credit Card Acceptance Credit card payments are submitted via the web using a third party vendor s software and passed onto the credit card processor for real-time authorization. 10 P a g e
11 The third party vendor security accepts and stores credit card information in compliance with the credit card company s security requirements. Payment Card credit cards, debit cards, ATM cards, and any other card or device, other than cash or checks, issued by a bank or credit union, which is normally presented by a person for the purpose of making a payment. Payment Application Software vendors, who develop applications that store, process or transmit cardholder data as part of authorization or settlement. Payment Gateway A service provided by a billing processor, which allows credit card information to be collected and passed over the internet. A payment gateway can be thought of as a digital equivalent to a credit card processing terminal. Some payment gateways establish or resell merchant accounts. --- A service provided by a billing processor, which allows credit card information to be collected and passed over the internet. A payment gateway can be thought of as a digital equivalent to a credit card processing terminal. Some payment gateways establish or resell merchant accounts. A category of agent or service provider that stores, processes, and/or transmits cardholder data as part of a payment transaction. Primary Account Number (PAN) The payment card number (credit or debit) that identifies the issuer and the particular cardholder account. PCI Purchasing Card Industry Standard is the result of collaboration between the four major credit card brands to develop a single approach to safeguarding sensitive data. The PCI standard defines a series of best practices for handling, transmitting and storing sensitive data. PCI DSS The PCI Standard is the result of collaboration between the four major credit card brands to develop a single approach to safeguarding sensitive data. The PCI standard defines a series of best practices for handling, transmitting and storing sensitive data. PCI DSS Standards The Payment Card Industry (PCI) Data Security Standard was created by major credit card companies to safeguard customer information. Visa, MasterCard, American Express and other credit card associations mandate that merchants and service providers meet certain minimum standards of security when they store, process and transmit cardholder data. Privileged Access Access to more than one card number at a time, as opposed to access to a single card number for purposes of completing a transaction (Thus, the term describes positions such as database administrators of systems that house cardholder data, but not cashiers handling one card at a time.) Service Providers The third parties SDSU/SDSURF has contracted with who are involved in the processing of credit card transactions. This includes the credit card processor and online credit card acceptor. Organizations that process, store, or transmit cardholder data on behalf of members, merchants, or other service providers. System Administrator / Data Custodian An individual who performs network/system administration duties and/or technical support of network/systems that are accessed by other people, systems, or services. Wireless Technology Includes any technology used to transmit data without a physical connection. 11 P a g e
12 Appendix A Sample Contract Language SDSURF Clause Contractor is currently certified to be in compliance with the PCI Security Standards Council s Payment Card Industry Data Security Standards, including the current published version by a qualified security assessor (QSA) and approved scanning vendor (ASV), as applicable. Any changes in Contractor s certification require prompt written notification to the client. Contractor agrees to continue to meet all PCI DSS requirements and to validate compliance annually according to the credit card industry rules, which include but are not limited to the Payment Card Industry Data Security Standards. Contractor will also provide written evidence of this compliance to the SDSU Research Foundation annually. If applicable, Contractor agrees that its electronic check processing functionality will comply with the appropriate NACHA- the Electronic Payment Association provisions. Applications purchased from a third party that will be used by a Merchant to store process or transmit sensitive cardholder data must be Payment Application Best Practices (PABP) certified. This certification ensures that the application is compatible with Payment Card Industry Data Security Standard requirements. Information about PABP validation is available from Visa. 12 P a g e
BUSINESS POLICY. TO: All Members of the University Community 2012:12. CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05)
BUSINESS POLICY TO: All Members of the University Community 2012:12 DATE: April 2012 CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05) Contents Section 1 Policy Statement... 2 Section
Credit Card Processing and Security Policy
Credit Card Processing and Security Policy Policy Number: Reserved for future use Responsible Official: Vice President of Administration and Finance Responsible Office: Student Account Services Effective
Appendix 1 Payment Card Industry Data Security Standards Program
Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration
University Policy Accepting and Handling Payment Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy
Information Technology
Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing
POLICY SECTION 509: Electronic Financial Transaction Procedures
Page 1 POLICY SECTION 509: Electronic Financial Transaction Procedures Source: NDSU President NDSU VP for Finance and Administration NDSU VP for Information Technology A. Purpose / Rationale Many NDSU
2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)
CSU, Chico Credit Card Handling Security Standard Effective Date: July 28, 2015 1.0 INTRODUCTION This standard provides guidance to ensure that credit card acceptance and ecommerce processes comply with
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals Electronic Cardholder
6-8065 Payment Card Industry Compliance
0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card
Saint Louis University Merchant Card Processing Policy & Procedures
Saint Louis University Merchant Card Processing Policy & Procedures Overview: Policies and procedures for processing credit card transactions and properly storing credit card data physically and electronically.
Accepting Payment Cards and ecommerce Payments
Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont
University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009
University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009 Effective Date of this Policy: August 1, 2008 Last Revision: September 1, 2009 Contact for More Information: UDit Internal Auditor
Payment Cardholder Data Handling Procedures (required to accept any credit card payments)
Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Introduction: The Procedures that follow will allow the University to be in compliance with the Payment Card Industry
PCI Policies 2011. Appalachian State University
PCI Policies 2011 Appalachian State University Table of Contents Section 1: State and Contractual Requirements Governing Campus Credit Cards A. Cash Collection Point Approval for Departments B. State Requirements
CREDIT CARD PROCESSING POLICY AND PROCEDURES
CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.
Credit Card Handling Security Standards
Credit Card Handling Security Standards Overview This document is intended to provide guidance to merchants (colleges, departments, auxiliary organizations or individuals) regarding the processing of charges
This policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format.
Policy Number: 339 Policy Title: Credit Card Processing Policy, Procedure, & Standards Review Date: 07-23-15 Approval Date: 07-27-15 POLICY: All individuals involved in handling credit and debit card transactions
GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY
GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft
TERMINAL CONTROL MEASURES
UCR Cashiering & Payment Card Services TERMINAL CONTROL MEASURES Instructions: Upon completion, please sign and return to cashandmerchant@ucr.edu when requesting a stand-alone dial up terminal. The University
COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL
PAYMENT CARD INDUSTRY COMPLIANCE (PCI) Effective June 1, 2011 Page 1 of 6 (1) Definitions a. Payment Card Industry Data Security Standards (PCI-DSS): A set of standards established by the Payment Card
WASHINGTON STATE UNIVERSITY MERCHANT ACCOUNT AGREEMENT FOR UNIVERSITY DEPARTMENTS
WASHINGTON STATE UNIVERSITY MERCHANT ACCOUNT AGREEMENT FOR UNIVERSITY DEPARTMENTS I. Introduction, Background and Purpose This Merchant Account Agreement (the Merchant Agreement or Agreement ) is entered
ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS:
Boston College Policy ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: PURPOSE OF POLICY: The purpose of this policy is to establish procedures for accepting payment cards at Boston College
INFORMATION SECURITY POLICY. Policy for Credit Card Acceptance to Conduct College Business
DELAWARE COLLEGE OF ART AND DESIGN 600 N MARKET ST WILMINGTON DELAWARE 19801 302.622.8000 INFORMATION SECURITY POLICY including Policy for Credit Card Acceptance to Conduct College Business stuff\policies\security_information_policy_with_credit_card_acceptance.doc
CREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services
Louisiana State University Finance and Administrative Services Operating Procedure FASOP: AS-22 CREDIT CARD MERCHANT POLICY Scope: All campuses served by Louisiana State University (LSU) Office of Accounting
University Policy Accepting Credit Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance
EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )
EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder
Dartmouth College Merchant Credit Card Policy for Managers and Supervisors
Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Mission Statement Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance
Payment Card Industry (PCI) Policy Manual. Network and Computer Services
Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology
Standards for Business Processes, Paper and Electronic Processing
Payment Card Acceptance Information and Procedure Guide (for publication on the Treasury Webpages) A companion guide to University policy 6120, Payment Card Acceptance Standards for Business Processes,
ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS:
Boston College Policy ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: PURPOSE OF POLICY: The purpose of this policy is to establish procedures for accepting payment cards at Boston College
FAQ s for Payment Card Processing at the University
FAQ s for Payment Card Processing at the University 1) We are thinking about taking credit cards for payments. What do we need to know? 2) Who is the PCPC (Payment Card Process Coordinator)? 3) What is
ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS
UNIVERSITY OF NORTH DAKOTA FINANCE & OPERATIONS POLICY LIBRARY ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS Policy 2.3, Accepting Credit Cards and Electronic Checks to Conduct
UNL PAYMENT CARD POLICY AND PROCEDURES. Table of Contents
UNL PAYMENT CARD POLICY AND PROCEDURES Table of Contents Payment Card Merchant Security Standards Policy and Procedures... 2 Introduction... 4 Payment Card Industry Data Security Standard... 4 Definitions...
3. Internet Credit Card Processing System generates a daily batch release report 4. Reporting Deposits to the University Depository
Internal Credit/Debit Card Processing Policies and Procedures for University of Tennessee Merchants Merchant: DBA Effective: Date Reviewed: Date Revised: Date 1. General Statement 2. Point-of-Sale Processing
POLICY NAME : MERCHANT (PCI) POLICY AND PROCEDURES ACCEPTING CREDIT/DEBIT CARD PAYMENTS
Publication Date 2009-08-11 Issued by: Financial Services Chief Information Officer Revision V 1.0 POLICY NAME : MERCHANT (PCI) POLICY AND PROCEDURES ACCEPTING CREDIT/DEBIT CARD PAYMENTS Overview: There
Becoming PCI Compliant
Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:
Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal
Dartmouth College Merchant Credit Card Policy for Processors
Mission Statement Dartmouth College Merchant Credit Card Policy for Processors Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance with the
New York University University Policies
New York University University Policies Title: Payment Card Industry Data Security Standard Policy Effective Date: April 11, 2012 Supersedes: N/A Issuing Authority: Executive Vice President for Finance
SECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures
Page 1 SECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures SOURCE: NDSU President NDSU VP for Finance and Administration NDSU VP for Information Technology It is the University s responsibility
Payment Card Acceptance Administrative Policy
Administrative Procedure Approved By: Brandon Gilliland, Associate Vice President for Finance & Controller Effective Date: October 1, 2014 History: Approval Date: September 25, 2014 Revisions: Type: Administrative
A8.700 TREASURY. This directive applies to all campuses of the University of Hawai i.
Prepared by Treasury Office. This amends A8.710 dated July 2001. A8.710 April 2005 A8.700 TREASURY P 1 of 5 A8.710 Credit Card Program 1. Purpose To provide uniform procedures for the processing of credit
Policies and Procedures. Merchant Card Services Office of Treasury Operations
Policies and Procedures Merchant Card Services Office of Treasury Operations 1 Welcome! Table of Contents: Introduction Establishing Payment Card Services Payment Card Acceptance Procedures Payment Card
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced Version 3.0 February
Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008
Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines or Stand-alone Dial-out Terminals Only, no Electronic Cardholder Data Storage
PCI Compliance Overview
PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)
Policy for Accepting Payment (Credit) Card and Ecommerce Payments
Policy for Accepting Payment (Credit) Card and Ecommerce Payments 1 Revision Control Document Title: File Reference: Credit Card Handling Policy and Procedure PCI Policy020212.docx Date By Action Pages
Payment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers For use with PCI DSS Version 3.1 Revision 1.1 July 2015 Section 1: Assessment
CREDIT CARD PROCESSING & SECURITY POLICY
FINANCE AND TREASURY POLICIES AND PROCEDURES E071 CREDIT CARD PROCESSING & SECURITY POLICY PURPOSE The purpose of this policy is to establish guidelines for processing charges/credits on Credit Cards to
How To Complete A Pci Ds Self Assessment Questionnaire
Department PCI Self-Assessment Questionnaire Version 1.1 2009 Attestation of Compliance Instructions for Submission This Department PCI Self-Assessment Questionnaire has been developed as an assessment
CAL POLY POMONA FOUNDATION. Policy for Accepting Payment (Credit) Card and Ecommerce Payments
CAL POLY POMONA FOUNDATION Policy for Accepting Payment (Credit) Card and Ecommerce Payments 1 PURPOSE The purpose of this policy is to establish business processes and procedures for accepting payment
UW Platteville Credit Card Handling Policy
UW Platteville Credit Card Handling Policy Issued: December 2011 Revision History: November 7, 2013; July 11, 2014; November 1, 2014; August 24, 2015 Overview: In order for UW Platteville to accept credit
D. DFA: Mississippi Department of Finance and Administration.
MISSISSIPPI DEPARTMENT OF FINANCE AND ADMINISTRATION ADMINISTRATIVE RULE PAYMENTS BY CREDIT CARD, CHARGE CARD, DEBIT CARDS OR OTHER FORMS OF ELECTRONIC PAYMENT OF AMOUNTS OWED TO STATE AGENCIES The Department
UNLV Payment Card Merchant Policy Credit Card Handling Responsibilities and Procedures
UNLV Payment Card Merchant Policy Credit Card Handling Responsibilities and Procedures Background Colleges and universities have traditionally had open networks of information that foster the exchange
PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data
PCI Training for Retail Jamboree Staff Volunteers Securing Cardholder Data Securing Cardholder Data Introduction This PowerPoint presentation is designed to educate Retail Jamboree Staff volunteers on
Office of Finance and Treasury
Office of Finance and Treasury How to Accept & Process Credit and Debit Card Transactions Procedure Related Policy Title Credit Card Processing Policy For University Merchant Locations Responsible Executive
Merchant Card Processing Best Practices
Merchant Card Processing Best Practices Background: The major credit card companies (VISA, MasterCard, Discover, and American Express) have published a uniform set of data security standards that ALL merchants
University of Virginia Credit Card Requirements
University of Virginia Credit Card Requirements The University of Virginia recognizes that e-commerce is critical for the efficient operation of the University, and in particular for collecting revenue.
Payment Card Industry Data Security Standards
Payment Card Industry Data Security Standards PCI DSS Rhonda Chorney Manager, Revenue Capital & General Accounting Today s Agenda 1. What is PCI DSS? 2. Where are we today? 3. Why is compliance so important?
The University of Michigan Treasurer s Office Card Services. Merchant Services Policy Document
Merchant # (Treasurer s Office Use Only): The University of Michigan Treasurer s Office Card Services Merchant Services Policy Document Business Purpose: Merchant Name (25 characters max): Originator:
. Merchant Accounts are special bank accounts issued by a merchant. . Merchant Level: This classification is based on transaction volume.
Credit Card Procedures and Policies Texas A&M Health Science Center offers university departments the convenience of accepting credit cards in payment for goods and services provided. All University departments
Accounting and Administrative Manual Section 100: Accounting and Finance
No.: C-13 Page: 1 of 6 POLICY: It is the policy of the University of Alaska that all payment card transactions are to be executed in compliance with standards established by the Payment Card Industry Security
Clark University's PCI Compliance Policy
ï» Clark University's PCI Compliance Policy Who Should Read this Policy: All persons who have access to credit card information, including: Every employee that accesses handles or maintains credit card
CREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011
CREDIT CARD MERCHANT PROCEDURES MANUAL Effective Date: 5/25/2011 Updated: May 25, 2011 TABLE OF CONTENTS Introduction... 1 Third-Party Vendors... 1 Merchant Account Set-up... 2 Personnel Requirements...
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance Payment Application Connected to Internet, No Electronic Cardholder Data Storage Version
Vanderbilt University
Vanderbilt University Payment Card Processing and PCI Compliance Policy and Procedures Manual PCI Compliance Office Information Technology Treasury VUMC Finance Table of Contents Policy... 2 I. Purpose...
05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013
05.118 Credit Card Acceptance Policy Authority: Vice Chancellor of Business Affairs History: Effective July 1, 2011 Updated February 2013 Source of Authority: Office of State Controller (OSC); Office of
Frequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures
1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities
Policy Title: Payment Cards Policy Effective Date: 5/5/2010. Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014
Policy Title: Effective Date: 5/5/2010 Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014 Oversight Department: Financial Services Next Review Date: 10/1/2016 1. PURPOSE The for Radford University
Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance
Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Compliant? Bank Name
Understanding Payment Card Industry (PCI) Data Security
Understanding Payment Card Industry (PCI) Data Security Office of the State Controller November 2010 State of North Carolina The Enemy Major Security Breaches TJ-Max Heartland Hannaford Foods BJ s Wholesale
POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants
POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101 DIVISION: Finance & Administration TITLE: Policy & Procedures for Credit Card Merchants DATE: October 24, 2011 Authorized by: K. Ann Mead, VP for Finance & Administration
b. USNH requires that all campus organizations and departments collecting credit card receipts:
USNH Payment Card Industry Data Security Standard (PCI DSS) Version 3 Administration and Department Policy Draft Revision 3/12/2013 1. Purpose. The purpose of this policy is to assist the University System
This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected
This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected officials, administrative officials and business managers.
Payment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission
Purpose: To comply with the Payment Card Industry Data Security Standards (PCI DSS)
Procedure Credit Card Handling and Security for Departments/Divisions and Elected/Appointed Offices Last Update: January 19, 2016 References: Credit Card Payments Policy Purpose: To comply with the Payment
PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
http://www4.uwm.edu/bfs/depts/acct/creditcardacceptance/credit-card-acceptance.cfm
Section: Accounting Revised Date: 05/31/2011 Procedure: 2.2.23 Credit Card Acceptance Home Page http://www4.uwm.edu/bfs/depts/acct/creditcardacceptance/credit-card-acceptance.cfm Operating Principles:
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other SAQ-Eligible Merchants and Service Providers Version 2.0 October 2010 Document
PCI Data Security and Classification Standards Summary
PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers
E-Market Policy Accepting Online Payment for Conducting University Business
Accepting Online Payment for Conducting University Business Responsible Office: Bursar s Office Contact: bursar@hartford.edu Effective Date: July 1, 2011 Last Revised: June 20, 2011 Last Reviewed: June
CREDIT CARD POLICY DRAFT
APPROVED BY Ronald J. Paprocki I. Policy Statement Any office of the University that processes credit card transactions may do so only in the manner approved by the University Treasury Office and in compliance
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY. Processing Electronic Card Payments
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY Processing Electronic Card Payments Introduction and Policy Aim The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information
Ball State University Credit/Debit Card Handling Policy and Procedures
Ball State University Credit/Debit Card Handling Policy and Procedures I. Background Ball State University accepts payments in various forms including cash, checks and electronic fund transfers. University
Minnesota State Colleges and Universities System Procedures Chapter 5 Administration. Guideline 5.23.1.10 Payment Card Industry Technical Requirements
Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Payment Card Industry Technical s Part 1. Purpose. This guideline emphasizes many of the minimum technical requirements
Payment Card Industry Data Security Standards Compliance
Payment Card Industry Data Security Standards Compliance Please turn off, or to vibrate, all cell-phones/electronics Expected course length: 1 Hour Questions are welcomed. Who Created It? & What Is It?
688 Sherbrooke Street West, Room 730 James Administration Building, Room 524
'McGill Sylvia Franke, LL.B., B.Sc. Albert Caponi, C.A. Chief Information Officer Assistant Vice-Principal (Financial Services) 688 Sherbrooke Street West, Room 730 James Administration Building, Room
McGill Merchant Manual
McGill Merchant Manual The McGill Merchant Manual is a complementary document to the Merchant (PCI) Policy and Procedures and serves to aid Merchants in ensuring their operations comply with Payment Card
EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES
EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES This document describes Eastern Oklahoma State College s policy and procedures for the proper
Why Is Compliance with PCI DSS Important?
Why Is Compliance with PCI DSS Important? The members of PCI Security Standards Council (American Express, Discover, JCB, MasterCard, and Visa) continually monitor cases of account data compromise. These
UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL
UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Credit Card Handling and Acceptance Policy Policy Number: C3875 Effective Date: November 8, 2006 Issuing Authority: Office of VP Business and
Sales Rep Frequently Asked Questions
V 02.21.13 Sales Rep Frequently Asked Questions OMEGA Processing Data Protection Program February 2013 - Updated In response to a national rise in data breaches and system compromises, OMEGA Processing
GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY
GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY Acquiring Bank The bank or financial institution that accepts credit and/or debit card payments for products or services on behalf