UCSD Credit Card Processing Policy & Procedure



Similar documents
TERMINAL CONTROL MEASURES

University Policy Accepting and Handling Payment Cards to Conduct University Business

CREDIT CARD SECURITY POLICY PCI DSS 2.0

Appendix 1 Payment Card Industry Data Security Standards Program

PCI Policies Appalachian State University

Credit Card Handling Security Standards

Credit and Debit Card Handling Policy Updated October 1, 2014

Information Technology

PCI General Policy. Effective Date: August Approval: December 17, Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:

Purpose: To comply with the Payment Card Industry Data Security Standards (PCI DSS)

Payment Card Industry Compliance

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

How To Control Credit Card And Debit Card Payments In Wisconsin

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No MERCHANT DEBIT AND CREDIT CARD RECEIPTS

Becoming PCI Compliant

ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS

policy D Reaffirmation of existing policy

Failure to follow the following procedures may subject the state to significant losses, including:

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

Merchant Payment Card Processing Guidelines

Payment Card Industry Data Security Standards

PCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants. UT System Administration Information Security Office

PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration. Guideline Payment Card Industry Technical Requirements

Payment Card Industry Data Security Standard PCI DSS

INFORMATION SECURITY POLICY. Policy for Credit Card Acceptance to Conduct College Business

2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)

CREDIT CARD PROCESSING & SECURITY POLICY

How To Complete A Pci Ds Self Assessment Questionnaire

University of York Policy on the Management of Debit/ Credit Card Data

UTAH VALLEY UNIVERSITY Policies and Procedures

Protecting the POS Answers to Your Frequently Asked Questions

UNL PAYMENT CARD POLICY AND PROCEDURES. Table of Contents

CREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services

References: County Policy Manual- Credit Card Payments; Vendor Remote Access Request Form

Fraud Protection, You and Your Bank

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures

Policy for Protecting Customer Data

Credit Card Processing Overview

Appendix 1 - Credit Card Security Incident Response Plan

UGA Cooperative Extension Service Credit Card Machine Policy

PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01

Finance & Ecommerce Systems

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

CREDIT CARD PAYMENTS ARE NOT ACCEPTED FOR STUDENT TUITION PAYMENTS

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance

A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS)

Getting Started. Quick Reference Guide for Payment Processing

New York University University Policies

Accounting and Administrative Manual Section 100: Accounting and Finance

University of Sunderland Business Assurance PCI Security Policy

PCI Data Security Standards. Presented by Pat Bergamo for the NJTC February 6, 2014

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

CardControl. Credit Card Processing 101. Overview. Contents

b. USNH requires that all campus organizations and departments collecting credit card receipts:

UTAH VALLEY UNIVERSITY Policies and Procedures

SAN DIEGO STATE UNIVERSITY RESEARCH FOUNDATION CREDIT CARD PROCESSING & SECURITY POLICY MERCHANT SERVICES POLICIES & PROCEDURES

How To Ensure Account Information Security

Payment Cardholder Data Handling Procedures (required to accept any credit card payments)

Finance Office. Card Handling Policy

Visa global Compromised Account

CAL POLY POMONA FOUNDATION. Policy for Accepting Payment (Credit) Card and Ecommerce Payments

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation

Payment Card Industry (PCI) Policy Manual. Network and Computer Services

PIN Pad Security Best Practices v2. PIN Pad Security Best Practices

Project Title slide Project: PCI. Are You At Risk?

This policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format.

Viterbo University Credit Card Processing & Data Security Procedures and Policy

CREDIT CARD PROCESSING POLICY AND PROCEDURES

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

Vanderbilt University

This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected

Fraud - Preparing Data Card Transactions

Ball State University Credit/Debit Card Handling Policy and Procedures

UW Platteville Credit Card Handling Policy

CREDIT CARD NUMBER HANDLING PROCEDURES POLICY October

You will already have read and understood the following documentation, however do go back to any of these if you are unsure of what they cover:

White Paper On. PCI DSS Compliance And Voice Recording Implications

Policy Title: Payment Cards Policy Effective Date: 5/5/2010. Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014

How To Spot & Prevent Fraudulent Credit Card Activity

University Policy Accepting Credit Cards to Conduct University Business

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

Need to be PCI DSS compliant and reduce the risk of fraud?

PCI DSS SECURITY AWARENESS

Credit Card Security

PCI PA-DSS Requirements. For hardware vendors

Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance

Merchant Card Processing Best Practices

SECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

PCI Data Security Standards

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

BUSINESS POLICY. TO: All Members of the University Community 2012:12. CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05)

PCI Compliance: Protection Against Data Breaches

UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL

The following are responsible for the accuracy of the information contained in this document:

A PCI Journey with Wichita State University

PCI Compliance Security Awareness Program For Marine Corps Community Services Contacts: Paul Watson

Transcription:

UCSD Credit Card Processing Policy & Procedure The Payment Process UCSD accepts Visa, MasterCard, American Express and Discover credit cards. We perform credit transactions only, no debit sales with cash back. Verify that the signature on ID matches credit card, if cardholder s name does not match name on identification do not accept card for payment, ask for another form of payment. Check the back of the credit card to see if it has been signed and is current. If it has not been signed, the cardholder must show you a current, valid, picture identification card (passport or driver s license). Roles and Responsibilities All UCSD merchants: Front End Employees, Supervisors and Managers- All are allowed to process payments Supervisors and/or Managers- Approve and process refunds on terminal Sensitive Authentication Data: There should not be any credit card information written down or stored at any location without assessment of PCI Administrator and proper documentation of storage. Sensitive authentication data consists of full track data, card security codes, or values (CAV2, CID, CVC2, CVV2) and PIN data must not be stored after authorization, even if it is encrypted. No credit card information is to be sent via end-user message technologies (such as emails, text, etc.). ClientLine Reporting Access: Only supervisors and/or managers should have access to the Bank of America reporting tool BusinessTrack (Formerly ClientLine) with credit card sales information. All users, regardless of roles, can only access masked PANs on BusinessTrack with only the last four digits displayed. Maintaining Terminal Information Department is to maintain an updated list of all terminal devices (ex: merchant ID, terminal ID, model of device) and list of authorized personnel who can process a credit card transaction at all time. Any changes to location of terminal, relocation, removing or adding, need to be approved Campus Credit Card Coordinator. No other devices are allowed to be used at any given time. Terminal is to be used for payments for [approved merchant] only. Use of this device for any other merchant activities, or non- UC Regents activities, is prohibited. Merchant is not allowed to change terminal ID, merchant ID, or any other terminal settings without approval of the General Accounting office. General Accounting will review documents on an annually basis. See PCI DSS Req. 9.9 Evaluation Form below. 1 Revision date: 12/15

Tampering of Terminal This section is to educate employees on what to look for and what to do if a terminal is tampered with. The department supervisor is required to check the terminal on a daily basis for evidence of tampering. A daily log of inspection completion is to be kept for auditing purposes. The terminals should be placed in an area where the public cannot access them without being noticed. Criminals use a technique called skimming to capture and transfer payment data to another source. By checking the terminal for any evidence of tampering minimizes the chances of credit card information being stolen. Always be cautious of unannounced service visits. Criminals can use this opportunity to gain access to a terminal and install a skimming device. Examples of tampering a) Check the terminal for any security stickers placed over screw holes or seams that will act as indicators of the case has been opened. Criminals often remove these labels when compromising terminals and may replace them with their own printed versions. Also, look for any signs that the label may have been removed or tampered with. b) Check for changes to terminal connections. c) Be aware of any additional, unfamiliar electronic equipment connected to the terminal. Examples of theft or loss of terminal to escalate a) Identified terminal is missing. b) Your location was robbed and terminal is missing. c) Lost terminal during a relocation. Escalation process if you suspect tampering, theft or loss of terminal: 1) Disconnect terminal and stop accepting credit card payments 2) Notify your immediate supervisor 3) Contact the General Accounting Office 4) Contact PCI Administrator at acarlsson@ucsd.edu x20247 or knwong@ucsd.edu x42847 Theft or Loss of Terminal If you suspect individuals with suspicious behavior attempting to service terminal without Credit Card Coordinator and/or IT Security authorization, staff is to escalate as indicated in this policy. References: UCSD PCI-DSS Blink page http://blink.ucsd.edu/finance/cash/credit-debit-cards/pci-dss/index.html Computer Incident Response Team (CIRT) Process http://blink.ucsd.edu/technology/security/cirt/index.html PCI Security Standards Council Skimming Prevention: Overview of Best Practices for Merchants https://www.pcisecuritystandards.org/documents/skimming_prevention_overview_one_sheet.pdf PCI Security Standards Council Skimming Prevention: Best Practices for Merchants https://www/pcisecuritystandards.org/documents/skimming/prevention_is.pdf 2 Revision date: 12/15

3 Revision date: 12/15

4 Revision date: 12/15

Merchant Acknowledgement I have read the SAQ B and Credit Card Processing Instructions and I recognize that I must maintain full PCI DSS compliance at all times. Signed name: Date: Printed name: Title: Merchant name: Merchant ID: 5 Revision date: 12/15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information