1 10/2013. This training is provided for cashiers, phone-a-thon participants, and fiscal personnel involved in payment card activities that are never.


1 10/2013

2 This training is provided for cashiers, phone-a-thon participants, and fiscal personnel involved in payment card activities that are never exposed to data from more than one card at a time.
This training may not be adequate for PCI coordinators, executives who sign the annual PCI Self-Assessment Questionnaire (SAQ), or I.T. professionals. These people should contact the University’s Payment Card Services to arrange for training required for their roles (http://www.virginia.edu/finance/ecommerce/contacts.html).
Note: If you have not completed the Responsible Computing Tutorial for Faculty and Staff, please visit their website to satisfy that requirement as soon as you complete this training: https://tutorial.people.virginia.edu/itsarc

3 We live and work in a global community. Most of us give very little thought to handing over our credit or debit card to complete strangers or entering our card data into a website. We do this in good faith, expecting that our information will be protected. Yet in 2010, “there were reported losses of $48 billion dollars that affected 11 million Americans” from credit card theft. Source: http://www.creditcards.com

4 When most of us think about payment card fraud, we think of cyber crimes. You may think of a hacker sitting at a computer who is out to get you from thousands of miles away. Most payment card frauds are crimes of opportunity:
- Someone left the door open
- A computer was left unprotected
- A filing cabinet was left open or unattended
- A person was allowed unauthorized access to secure areas or carelessly left documents on a desk
- They handed data to someone they barely knew

5 Each day, people engage in payment card activity or transactions with the University of Virginia, believing that we will protect their data from thieves. We work hard to maintain a secure data environment. The loss of their faith can have serious repercussions for the University. We depend on you as University employees and volunteers to help us in securing all customers’ cardholder data (CHD) and other personal information.
You are working with sensitive information and should handle it accordingly. Treat payment card data like you would a $1,000 bill. Cash and payment card information should be secured if left unattended.

6 Payment Card: A broad term, applying to any magnetic-coded card used to make purchases.
Payment Card Merchant: Any entity that accepts payment cards for payment of goods or services.
Primary Account Number (PAN): Unique payment card number (typically for credit or debit cards) that identifies the issuer and the particular cardholder account.
Card Holder Data: At a minimum, cardholder data consists of the full PAN. Cardholder data may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date and/or service code.

7

8
1. Do not request, send or accept payment card information by e-mail.
   a) Do not process any transaction with payment card data received by email!
   b) If someone emails data to you, you should make them aware that, for their safety, they should not send it again. Remove the data when responding!
   c) Direct them to an approved method for submitting card data.
   d) Delete the email and cardholder data securely from your email account.
2. NEVER record card data in any electronic format, even temporarily.
   a) This includes Excel files, databases, Integrated System notes, etc.
   b) Comply with UVA Policy IRM-015 “Electronic Storage of Highly Sensitive Data”.
3. Do not store any of the magnetic stripe data which includes the credit card confirmation code, or cardholder account numbers with expiration dates. (The 3 digits on the back of many cards and 4 digits on the front of an American Express card, often referred to as the confirmation or “CVV2” code.) For Mail Order/Telephone order charges, you may collect the information as long as it is destroyed (cross-cut shredded) immediately after processing.
4. Do not direct a payer to a specific computer, or offer to enter payment card data on someone else’s behalf into a hosted website or other system that is not a U.Va. authorized point-of-sale swipe terminal.
5. Maintain a clean desk if you are processing card information.
   a) Do not have personal phones, laptops, or other belongings near the processing area.

9
1. Notify your supervisor and your department PCI Coordinator right away!
2. Your PCI Coordinator or Supervisor must contact the following areas. If your supervisor or PCI Coordinator is not available, you should notify the areas below.
   a) Contact your LSP (computer tech) if suspected activity involves computers (hacking, unauthorized access, etc.). ITS Security must be notified as well at: http://its.virginia.edu/security/reporting.html
   b) Email the U.Va. Payment Card Services unit to alert them immediately at uva_payment_card_svcs@virginia.edu.
   c) Contact U.Va. Internal Audit if fraud is suspected related to payment card activities; they will assist you further. Call 434-924-4110.

10
- Review your department’s payment card procedures with your supervisor.
- Have signed the U.Va. Electronic Access Agreement either in ESHARP or printed from: https://www.virginia.edu/informationpolicy/documents/eaa.pdf
- Complete the University’s annual Data Security Training linked from: https://tutorial.people.virginia.edu/itsarc
- Protect your IDs and passwords, as they may provide criminals with an avenue to data that the University stores, processes or transmits.

11
1) Payment Card Industry – Data Security Standards (PCI-DSS). https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf
   a) Every merchant department or unit has a contractual obligation with the credit card companies to adhere to PCI Standards and to certify compliance with the standards annually.
   b) Fraud as a result of non-compliance carries with it substantial fines and sanctions, and may result in the inability to conduct future card activity.
2) The University of Virginia e-commerce website at: http://www.virginia.edu/finance/ecommerce
Please continue to the next slide to complete your training.

12 To complete your training, click on the following link, select Payment Card Documents in the upper right-hand corner, then select and print the UVA Payment Card Confidentiality Agreement from the Documents page found on our Training site: http://www.virginia.edu/finance/ecommerce/docs/uva_pci_confidentiality_agreement.pdf
The Agreement should be signed by both you and your supervisor annually. It will be maintained in the department/office records.
For additional questions regarding payment card practices, please contact the U.Va. Payment Card Services.

