Presentation is loading. Please wait.

Presentation is loading. Please wait.

October 28, 2013. Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.

Published byBreonna Fieldhouse Modified over 10 years ago

Similar presentations

Presentation on theme: "October 28, 2013. Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect."— Presentation transcript:

1 October 28, 2013

2 Who? What? When? Why?

3 Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect cardholder data Inform and train GVSU personnel who process cardholder data Perform annual review Report suspected or confirmed breach incidents

4 www.gvsu.edu/pci Compliance Documents www.gvsu.edu/pci Prohibited Practices: Storing CVV codes, pin numbers, track data or card numbers These must be destroyed immediately after processing. Sending credit card information via mobile or end-user messaging technologies (email, fax) Requesting for credit card information to be sent to GVSU street address Sending credit card information via intercampus mail

5 Prohibited Practices: Accepting/entering credit card information on GVSU website on behalf of a customer Using a laptop for entering credit card information Instructing customers to enter their own credit card information on a GVSU public computer Directly passing credit card fees to customers who pay via credit cards

6 Prohibited Practices: Using non-designated PCI compliant shredding devices or services Using non-designated PCI compliant hardware Most mobile terminal options, such as the Square that connects to the IPhone/IPad are NOT acceptable. Using non-approved third party service providers to process credit card transactions

7 So, then what is allowed?

8 Accepted Processing Procedures: Approved secure websites for ongoing, frequent processes Ben Rapin, Institutional Marketing, 18014 www.gvsu.edu/webteam/ecommerce.htm - E-Commerce Request Form www.gvsu.edu/webteam/ecommerce.htm Approved secure terminal – wired or wireless Jennifer Schick, Accounting Business Office, 12231 www.gvsu.edu/pci - Credit Card Processing Assistance www.gvsu.edu/pci Most mobile terminal options, such as the Square that connects to the IPhone/IPad are NOT acceptable.

9 Accepted Processing Procedures: Low volume options Take directly to cashier window on same business day. Must be taken by GVSU employee (not a student). See www.gvsu.edu/pci Credit Card Processing Assistance for Departmental Deposit Form.www.gvsu.edu/pci Can keep the last 4 digits of a card number for reference. Call one of the following offices, provide the FOAP where the money should be deposited, and transfer the call: 16806 for gift deposits (Gift Processing/Development Office) OR 12209 for other credit card payments (Student Accounts Hotline).

10 Accepted Processing Procedures: Dedicated PO Box for US Mail Approved PCI compliant shredders or shredding services Coordinate shredding services/bins through Kip Smalligan. Shredders must be cross-cut or diamond cut. Approved PCI compliant vendors If using or considering a third party service provider to accept credit cards, the vendor must be PCI compliant. Notify Sue Korzinek of process to allow for proper documentation to be acquired from third party vendor BEFORE signing a contract.

11 A scenario that works for many events: Set up online registration with Institutional Marketing. Prepare mailing and give registrants these options: Register online for credit card payments or Register via mail for check payments. For day of the event registrations, allow check payments or request the use of a loaner terminal to accept credit card payments.

12 Any new contract/relationship that relates to credit card payments MUST be approved by the PCI Committee. Contact Sue Korzinek and Jennifer Schick. WARNING: Just because a vendor or salesperson says that they are PCI Compliant, it does not mean that they are!

13 Notify immediately Assess situation Corrective measures Prepare message Evaluate processes for improvement

14 EMV – September 2015 EMV (Europay/MasterCard/Visa) /a.k.a Pin & Chip Instead of a magnetic stripe, EMV cards contain an embedded microprocessor. EMV chip technology reduces card fraud in a face- to-face card-present environment; provides global interoperability; and enables safer and smarter transactions across cards and contactless channels. – U.S. EMV Migration Efforts Continue Despite Debit Regulatory Challenges, www.cnbc.com 10/3/13 www.cnbc.com

15 EMV – September 2015 As new credit card terminals are ordered or current terminals need to be replaced, GVSU will order terminals that are EMV capable. By September 2015, GVSU will order new EMV capable credit card terminals to replace terminals with the old technology.

16 Mobile technology Reminder: Most mobile terminal options, such as the Square that connects to the IPhone/IPad are NOT acceptable. Reminder: Using a laptop for entering credit card information is NOT acceptable. We are in the process of testing/evaluating new wireless/cellular terminals and a mobile payment bundle that would connect to an IPad.

17 Fees Reminder: At GVSU, departments are NOT allowed to directly passing credit card fees to customers who pay via credit cards. Recent headlines discussed changes in rules regarding surcharges/convenience fees. Few companies are actually proceeding down this path due to various hoops that they would need to jump through. Departments are able to set their rates for all forms of payment knowing that credit card processing fees are 2-3%.

18 Contact information: Sue Korzinek X12035 Jennifer Schick X12231

Download ppt "October 28, 2013. Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect."

Similar presentations

© 2007 First Data Corporation. All Rights Reserved. This document contains unpublished, confidential and proprietary information of First Data Corporation.

© 2007 First Data Corporation. All Rights Reserved. This document contains unpublished, confidential and proprietary information of First Data Corporation.
Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Shawnee State University’s

Shawnee State University’s
Procurement Card Presented By: Denise Matias, CAH March 20, 2013.

Procurement Card Presented By: Denise Matias, CAH March 20, 2013.
Mobile Payment Security The Good, the Bad and the Ugly

Mobile Payment Security The Good, the Bad and the Ugly
UCSB Credit Card Processing and PCI Compliance

UCSB Credit Card Processing and PCI Compliance
Secretary of State Delbert Hosemann

Secretary of State Delbert Hosemann
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
This refresher course will:

This refresher course will:
C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?

C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?
CARD ACCEPTANCE PROCEDURES Facilitator: Kristy A Stanley Fraud and Compliance Officer June 16 2011.

CARD ACCEPTANCE PROCEDURES Facilitator: Kristy A Stanley Fraud and Compliance Officer June
© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat.

© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat.
Electronic Payment Systems E-Commerce. Intro to Electronic Payment Systems More than $900 billion transacted online Expected to swell to more than $3.

Electronic Payment Systems E-Commerce. Intro to Electronic Payment Systems More than $900 billion transacted online Expected to swell to more than $3.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
PCI and how it affects College Stores… ROBIN MAYO | PCIP ECOMMERCE MANAGER EAST CAROLINA UNIVERISTY.

PCI and how it affects College Stores… ROBIN MAYO | PCIP ECOMMERCE MANAGER EAST CAROLINA UNIVERISTY.
BPOINT for Schools Information Guide for Parents.

BPOINT for Schools Information Guide for Parents.
Emerging Technologies

Emerging Technologies
Travillon Consultants

Travillon Consultants

Similar presentations

Ads by Google