Langara College PCI Awareness Training


Have you heard of PCI?

Due to the increase of credit card fraud and identity theft, major credit card companies like Visa, MasterCard and Amex have formed a security council called the Payment Card Industry Security Standards Council (PCI-SSC). PCI-SSC's mission is to enhance payment card data security to minimize credit card fraud worldwide.

For more information about PCI-SSC please visit their website at: https://www.pcisecuritystandards.org/

PCI-SSC

The PCI Council was formed to protect cardholder data by educating merchants & the public about PCI Security. PCI has established 12 high level security standards consisting of up to 254 stringent requirements that merchants worldwide must achieve and maintain.

Awareness is key for preventing payment card fraud!

Welcome to PCI awareness training

Welcome to Payment Card Industry (PCI) awareness training on secure credit and debit card handling practices at Langara College. PCI Data Security Standards (PCI DSS) encompass both credit and debit cards. For the purposes of this training, reference is made to payment cards, which means both credit and debit cards.

This training will provide you with information on what you need to know as a Langara employee, and also how to protect your own payment cards.

Who needs training?

To achieve and maintain PCI compliance requirements, the following training must be completed annually by:
- New and existing employees that handle and/or process payment cards.
- New and existing employees that MAY come in contact with payment card numbers or information.

You play a crucial role in protecting Langara from credit and debit card fraud

To ensure we process payment card transactions safely and securely, we developed this training to educate employees on:
1. Why credit and debit card security is important
2. What the PCI project is all about
3. What the risks might be if Langara experienced a breach
4. What precautions employees should take when handling payment card information

Have you ever thought about

- How many credit cards you have in your wallet?
- How often you use your credit or debit card to purchase goods or services?
- How many credit cards you process or handle each day?
- If you're using a credit card safely?

Why should secure payment card handling be important to you?

- Every year 540,400 Canadians suffer financial loss due to credit card fraud
- The convenience of online purchasing has increased the exposure of credit card information and personal data to hackers
- Victims of fraud can experience huge financial losses, invasion of privacy and identity theft
- Safe and secure credit card handling is everyone's responsibility

Is your information secure?

Between April and September 2014, Home Depot was hacked by unauthorized user(s), compromising over 56 million credit cards and user accounts.

Other notable cases:
- 40 million customers affected
- 1.16 million credit cards affected
- 2.6 million credit cards affected

36% of Canadian companies in a study had experienced one or more cyber attacks in 2014

How do hackers steal information?

Techniques:
- Phishing - emails that direct you to enter your personal information in a fake website that looks legitimate.
- Spyware - to intercept or take control of your computer.
- Skimming - RFID readers can be used to create a duplicate of your credit card.
- Hacking - unauthorized access of your computer network

How does PCI apply to my work?

College Policy establishes guidelines to protect Langara from possible repercussions of non-compliance including:
- Revocation of credit card acceptance privileges and resulting effects on business operations
- Fraudulent manipulation of cardholder data
- Damage to Langara's reputation
- Potential legal issues and insurance claims
- Substantial card issuer fines
- Loss of customer trust

Help protect the college's business and reputation by recognizing your responsibilities in safe credit card handling!

Why is PCI important?

Departments such as the Registrar's Office, International Education, Continuing Studies, the Bookstore and Financial Services accept credit and debit card payments.

To protect the Langara community, every business unit that comes into contact with payment card transactions must follow secure card handling procedures.

In order to continue accepting payment cards, we must adhere to the security standards established by the PCI Council.

Why is PCI important? (Cont'd)

- 94% of PCI DSS compliant companies say compliance improves their relationship with business partners
- $100K+: Potential cost of monthly fines for non-compliance with PCI requirements
- $5.5M: Average cost of a data breach
- 2.35 years: Average time it takes merchants to become PCI compliant

How do we process credit cards?

Langara uses PIN Pads for in-person transactions and various third-party applications to process online credit card payments.

A PIN Pad is an electronic device used to input and encrypt the cardholder's Personal Identification Number (PIN) for debit and credit card transactions.

PIN Pads are also known as:
- Stand-alone terminals
- Credit/debit machines
- POS device/Point of Sale terminal
- Moneris device

Keeping our PIN Pads & Payment Processing Equipment Secure

To help keep our PIN Pads and payment processing equipment secure:
- Check daily to ensure the PIN Pad is safeguarded against tampering or replacement with a fraudulent device
- Only allow authorized staff to operate credit card handling equipment
- Ensure the credit card terminal truncates the card account number so that only the last 4 digits are visible

Do Not Store Payment Card Data

NEVER save and store payment card data in:
- Electronic files such as Excel, Word, PowerPoint or email
- Shared drive folders, on your desktop or personal folders
- A document - if you write down a credit card number, destroy or delete it immediately after the transaction
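A check that supports the two rules above (no stored card numbers, and only the last 4 digits visible), as an added example that is not part of Langara's training material or tooling. The function names and the sample text are constructed for illustration; the two card numbers in the sample are widely published test numbers.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: weeds out most random digit runs (IDs, phone numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def truncate(digits: str) -> str:
    """Keep only the last 4 digits visible, as the terminal is required to."""
    return "*" * (len(digits) - 4) + digits[-4:]


def _digits(match: re.Match) -> str:
    return re.sub(r"[ -]", "", match.group())


def find_card_numbers(text: str) -> list[tuple[int, str]]:
    """Return (line number, truncated number) for every Luhn-valid candidate."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CANDIDATE.finditer(line):
            if luhn_ok(_digits(m)):
                findings.append((lineno, truncate(_digits(m))))
    return findings


def redact(text: str) -> str:
    """Rewrite text so stored card numbers are cut down to their last 4 digits."""
    return CANDIDATE.sub(
        lambda m: truncate(_digits(m)) if luhn_ok(_digits(m)) else m.group(), text)


# Constructed sample: notes of the kind the slide says must not be kept.
# Lines 2 and 4 hold published test card numbers; line 3 is not a card number.
SAMPLE = """Phone order, receipt requested by email
card 4111 1111 1111 1111 exp on file
student id 1234567890123456
Amex 3782-822463-10005 bookstore
"""
```

The findings carry only truncated numbers, so the scan report itself does not become another place where full card numbers are stored.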

Phone Transactions

When accepting credit card information over the phone, ensure:
- The credit card number is entered into a PIN Pad device or online third party payment application
- If written down, the credit card number is destroyed or deleted immediately after processing the transaction
- The credit card number is not saved in a document

In-person transactions

In-person credit card payments require that:
- The credit card be present at the time of payment.
- The credit card be inserted into the PIN Pad device if it contains chip technology, and a PIN be entered.
- The credit card be swiped if it does not have chip technology, and a signature be provided.
- Credit card numbers not be manually entered into a PIN Pad device for in-person transactions.

Keeping current on PCI

It is important for all Langara employees that handle or may come in contact with credit card information to keep up with any changes that affect credit card security by reviewing this online information annually.

Langara has current policy and procedures for handling credit and debit cards (http://www.langara.bc.ca/departments/financial-services/procedures.html)

The best way to ensure you're up to date is to visit Langara's PCI website (http://www.langara.bc.ca/departments/financial-services/pci-standards.html). You can also check out the PCI website at: https://www.pcisecuritystandards.org/

If you are aware of any areas or new processes where cardholder data exists and/or is not being adequately secured, please talk to your manager and review Langara's current policy and procedures (see link above).

Keeping current on PCI: PCI Project

The project objectives are to ensure Langara is compliant with PCI requirements by implementing new, or enhancing current, processes to secure credit and debit card transactions.

One of the strategies for PCI compliance is to outsource the processing of credit card information to a third party, which reduces the work that Langara must do to ensure compliance.

If a credit card breach were to occur, the consequences would affect all business units within the college.

Current project status (as of July 2015):
- Initial assessment complete
- Analysis and documentation of non-compliant areas complete
- Employee Security awareness training started in Fall 2015
- Analysis and implementation of solutions for non-compliant areas in progress

For more information, please visit the project website: http://www.langara.bc.ca/informationtechnology/projects/pci.html

Congratulations!

You have completed your annual PCI online awareness information review. By reviewing this online module you acknowledge and understand the information presented.

If you have any questions regarding the information provided in this online module or do not understand the implications of the policy, please contact Financial Services.