PCI-DSS Compliance and Payment Card Acceptance

Presentation on theme: "PCI-DSS Compliance and Payment Card Acceptance"— Presentation transcript:

1 PCI-DSS Compliance and Payment Card Acceptance
Cathy Freeman Cash and Treasury Services Phone: Website: sh-treasury/

2 Agenda
- PCI-DSS Defined
- Brief History
- Why is PCI-DSS Compliance Important?
- Merchant Levels and Requirements
- CU PCI Best Practices
- PCI Compliance Responsibilities
- Virtual Terminals
- Credit Card Payment Information
- Who Gets Overlooked
- Accepting Credit Cards on Campus
- Questions

3 PCI-DSS Defined
Payment Card Industry Data Security Standards: a collaborative effort to achieve a common set of security standards for use by entities that process, store or transmit payment card data.
Multiple credit card organizations participate in PCI efforts. Members include Visa, MasterCard, American Express, Diner's Club, Discover Card and JCB. JCB is a Japanese credit card; it is issued in the USA targeting the Japanese population and is accepted wherever Discover Cards are accepted. Diner's Club is also accepted wherever Discover cards are accepted.

4 PCI-DSS Definitions
Cardholder: Customer to whom a card is issued, or an individual authorized to use the card.
Cardholder Data: Full magnetic stripe or the Primary Account Number (PAN) plus any of the following: cardholder name, expiration date, service code.
Cardholder Validation Value or Code: Data element on a card's magnetic stripe that uses a secure cryptographic process to protect data integrity on the stripe and reveals any alteration or counterfeiting.
Compromise: Intrusion into a computer system where unauthorized disclosure, modification, or destruction of cardholder data is suspected.
Encryption: Process of converting information into an unintelligible form except to holders of a specific cryptographic key. Use of encryption protects information between the encryption process and the decryption process against unauthorized disclosure.

5 PCI-DSS Definitions
Firewall: Hardware, software, or both that protect the resources of one network from intruders from other networks.
Information Security: Protection of information to ensure confidentiality, integrity and availability.
Magnetic Stripe: Data encoded in the magnetic stripe, used for authorization during transactions when the card is presented.
Merchant: Any person or business that accepts payments by debit or credit cards. A merchant account is an agreement between a retailer, a merchant bank and a payment processor for the settlement of credit card and/or debit card transactions.

6 PCI-DSS Definitions
PAN: Primary Account Number, the payment card number (credit or debit) that identifies the issuer and the particular cardholder account. Also called Account Number.
POS: Point of Sale. Hardware and/or software used to process payment card transactions at merchant locations.
Service Code: Three- or four-digit number on the magnetic stripe that specifies acceptance requirements and limitations for a magnetic-stripe-read transaction.
Vulnerability Scan: Scans used to identify vulnerabilities in operating systems, services and devices that could be used by hackers to target the company's private network.

7 Brief History
The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process. The major credit card companies (VISA, MasterCard, Discover, and American Express) came together and published a uniform set of data security standards that ALL merchants must comply with in connection with the acceptance of payment cards. These standards are called the Payment Card Industry Data Security Standards, or PCI DSS. They have placed additional responsibilities on CU departments in connection with the acceptance of payment cards.

8 Why is PCI Compliance Important ?

9 Why is PCI Compliance Important?
- Good business practice. PCI compliance is like insurance.
- Large monetary fines assessed to your department and/or Clemson University.
- Loss of merchant status for the department.
- Loss of merchant status for Clemson University.
- Loss of faith in the Clemson University name.
- You are vulnerable!

10 Why is PCI Compliance Important?
Because they are after us! Since 2008 educational institutions have experienced a staggering 158 data breaches resulting in over 2.3 million reported records compromised. Higher ed institutions have become a predominant target for cyber criminals because of the substantial amount of distinct types of data they possess. Databases at colleges include names, addresses, financial information, credit card numbers, SSNs and healthcare records of employees, students and parents.
Source: Application Security, Inc.

11 Why is PCI Compliance Important?
Estimated $3.4 Billion Lost to Online Fraud. The $700 million increase in estimated total fraud loss (vs. 2010) was driven by the overall growth in ecommerce in 2011. Source: CyberSource Online Fraud Report
Countries With The Most Card Fraud: U.S. and Mexico. One recent survey finds that 27% of cardholders (debit, credit and prepaid) around the world have experienced fraud in the past five years. Rates of fraud vary across countries, but Mexico and the United States are more prone to fraud, with 44% and 42% of respondents there saying they have experienced card fraud. The report from Aite Group and ACI Worldwide, which surveyed over 5000 consumers in 17 countries, notes that U.S. consumers are heavy card users; more card use means a greater likelihood of card fraud. Source: Forbes

12 Why is Compliance Important? You don’t want to make the headlines!

13 Why is PCI Compliance Important? Costs of Non-Compliance.
The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine downstream until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business.

14 Why is PCI Compliance Important? Breach Trends and The Facts
Main causes of a data breach: hacking is now #1.
Data Breaches Will Likely Affect Your Reputation. 76% of organizations surveyed acknowledged that their reputation was impacted as a result of the loss or theft of customer information.
Type of Data Most Often Stolen:
- Password/PIN
- Credit card or bank payment information
- Credit or payment history
- Driver's license/SSN

15 Why is PCI Compliance Important? Breach Trends and The Facts
It Can Be A Long Road To Recovery: 64% of organizations say they are concerned that data compromised in a data breach will be used to commit other types of fraud.
Breaches Can Strike Twice or Even Three Times: 85% of recent survey respondents indicated that their organization had more than one breach involving customer data in the last 24 months.
Your Reputation Doesn't Bounce Back Immediately: restoring an organization's reputation after a breach that involved customer information takes about a year (11.8 months).

16 Definition of Merchant Levels
All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period. Transaction volume is based on the aggregate number of Visa transactions (inclusive of credit, debit and prepaid) from a merchant Doing Business As (‘DBA’). In cases where a merchant corporation has more than one DBA, Visa acquirers must consider the aggregate volume of transactions stored, processed or transmitted by the corporate entity to determine the validation level. If data is not aggregated, such that the corporate entity does not store, process or transmit cardholder data on behalf of multiple DBAs, acquirers will continue to consider the DBA’s individual transaction volume to determine the validation level. Merchant levels as defined by Visa:

17 Merchant Levels
Merchant Level 1
- Any merchant, regardless of acceptance channel, processing over 6M Visa transactions per year.
- Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Merchant Level 2
- Any merchant, regardless of acceptance channel, processing 1M to 6M Visa transactions per year.

18 Merchant Levels
Merchant Level 3
- Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.
Merchant Level 4
- Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1M Visa transactions per year.

19 Merchant Requirements
Level 1: QSA Onsite Review required (annually); Self Assessment not required; Network Security Scan required (quarterly)
Level 2: QSA Onsite Review not required; Self Assessment required (annually); Network Security Scan required (quarterly)
Level 3: QSA Onsite Review not required; Self Assessment required (annually); Network Security Scan required (quarterly)
Level 4: QSA Onsite Review not required; Self Assessment recommended (annually); Network Security Scan recommended (quarterly)

20 QSA Onsite Review
- Is a detailed audit against the PCI Data Security Standard.
- Potentially targets all systems and networks that store, process and/or transmit cardholder information.
- Includes review of contractual relationships, but not assessment of the third parties themselves.
- Must be performed using an offering from a Visa certified provider (QSA).
- The biggest difficulties in having onsite reviews are the initial scoping and the subsequent cost of correction to compliant levels.

21 Self Assessment Questionnaire
- Is a selected subset of the full Onsite Audit Criteria.
- Is completed by the Merchant or Service Provider.
- Is submitted to the Acquirer(s).
- Is made up mainly of Yes/No/Not Applicable responses.
- Is broken into five of the six sections from PCI DSS:
  - Build and Maintain a Secure Network
  - Protect Cardholder Data
  - Implement Strong Control Measures
  - Regularly Monitor and Test Networks
  - Maintain an Information Security Policy

22 Network Security Scanning
- Targets Internet-facing devices, systems and applications, including:
  - Routers and firewalls
  - Servers and hosts (including virtual)
  - Applications
- Must be performed using an offering from a MasterCard certified provider.
- May not have any Severity 3 or greater issues:
  - 5 (Urgent): Trojan horses, file read and write exploits, remote command execution
  - 4 (Critical): Potential Trojan horses, file read exploit
  - 3 (High): Limited exploit of read, directory browsing and denial of service
A Trojan horse, or Trojan, is a type of malware that masquerades as a legitimate file or helpful program but whose real purpose is, for example, to grant an attacker unauthorized access to a computer. A Trojan may give an attacker remote access to a targeted computer system, steal information, or harm the host computer system.

23 Merchant Requirements: Six Goals, Twelve Requirements
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
- Protect stored cardholder data.
- Encrypt transmissions of cardholder data across open, public networks.
Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.

24 Merchant Requirements: Six Goals, Twelve Requirements
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
Maintain an Information Security Policy
- Maintain a policy that addresses information security.

25 CU PCI Compliance Best Practices
- Merchants should stop storing credit card numbers and the security code on any computer, server, or database. This includes Excel spreadsheets.
- Treat payment card receipts like you would cash.
- Keep payment card data secure and confidential.
- Limit access to system components and cardholder data to only those individuals whose job requires such access.
- Assign all users a unique ID before allowing them to access system components or cardholder data.

26 CU PCI Compliance Best Practices
- Documents containing cardholder data should be kept in a secure environment (e.g. a safe, a locked file cabinet, etc.).
- Never send cardholder information via e-mail.
- Credit card numbers must not be transmitted in an insecure manner, such as e-mail, unsecured fax or campus mail. Fax transmittal of cardholder data is permissible only if the receiving fax is located in a secure environment.
- Render sensitive cardholder data unreadable anywhere it is stored.
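The two storage rules above (slide 25: do not keep card numbers in spreadsheets or databases; slide 26: render stored cardholder data unreadable) can be checked mechanically. The following is an added example, not code from the presentation or from Clemson's tooling: a Python scan over constructed spreadsheet rows that reports Luhn-valid card numbers with the PAN masked to its first six and last four digits, the masking PCI DSS permits for display. The row layout and the test card numbers are assumptions made for the example.

```python
"""Scan text exported from a spreadsheet or log for stored card numbers (PANs).

Added example, not from the original presentation. It implements the
'If you don't need it, don't keep it' check: find digit runs that pass the
Luhn checksum, report them with the PAN masked (first six / last four digits
kept), and never write the full number into the report.
"""
import re
from typing import Dict, List

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes. The lookarounds stop the pattern from matching inside a longer run.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum.

    The checksum is what separates a plausible PAN from a phone number,
    order id or timestamp of similar length.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask a PAN so at most the first six and last four digits stay visible."""
    if len(digits) <= 10:
        return "*" * len(digits)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per Luhn-valid PAN, with the number masked.

    Each finding records only the line number and the masked PAN, so the
    report itself does not become another place where card data is stored.
    """
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for m in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if luhn_ok(digits):
                findings.append({"line": lineno, "masked_pan": mask_pan(digits)})
    return findings


# Constructed sample rows imitating a departmental spreadsheet export.
# The card numbers are the brands' published test numbers, not real accounts;
# the order id, phone number and mistyped card number must NOT be reported.
SAMPLE_ROWS = [
    "2012-05-01,J. Smith,4111 1111 1111 1111,05/14,123,Tuition deposit",
    "2012-05-01,R. Jones,order 2012050198765432,phone 864-555-0134",
    "2012-05-02,M. Lee,5500-0000-0000-0004,09/13,456,Conference fee",
    "2012-05-02,K. Brown,1234567812345678,01/15,789,Typo in card number",
]

if __name__ == "__main__":
    for f in find_pans(SAMPLE_ROWS):
        print(f"line {f['line']}: stored PAN found, masked {f['masked_pan']}")
```

Run over a real export, the scan flags rows 1 and 3 only; the three-digit security codes beside them cannot be identified reliably by pattern, which is one reason the slide asks merchants not to keep them at all.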

27 CU PCI Compliance Best Practices
- Manual swipes or imprinters are not authorized for use.
- Any new systems/software that process payment cards are required to be approved by the Cash and Treasury Office prior to being purchased.
- Any computer system hosting a credit card application must be housed in CCIT's data centers due to security requirements.
- Computer systems that process payment cards must be behind a firewall.
- Use and regularly update anti-virus software.

28 CU PCI Compliance Best Practices
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Computer systems that process payment cards must have the ability to monitor and track access to network resources and cardholder data.
- Report all suspected or known security breaches to Cash and Treasury Services and CCIT's Information Security & Privacy.
Malicious individuals (external and internal to a company) often use vendor default passwords and other vendor default settings to compromise systems. These passwords and settings are well known in hacker communities and are easily determined from public information.

29 Credit Card Data Storage Motto
If you don’t need it, DON’T KEEP IT!

30 CU PCI Compliance Responsibilities
Merchant
- Complete and submit the Security Assessment Questionnaire (SAQ) annually. Each merchant is responsible for their own PCI DSS compliance.
- Development of a departmental credit card data information security policy, procedures or plan.
- Implementation of all data security controls necessary to comply with PCI DSS requirements.
- Attendance at an annual PCI DSS Compliance Training conducted by the Cash and Treasury Services Department.

31 CU PCI Compliance Responsibilities
Cash and Treasury Services
- Provide guidance and support to the merchants' PCI DSS compliance efforts.
- Make recommendations on how to lower a merchant's risk of exposure to breaches.
- Coordinate and assist in the completion and submission of SAQs by all merchants.
- Serve as liaison between the merchant and the credit card processor.
- Assist merchants in responding to a possible breach.

32 CU PCI Compliance Responsibilities
CCIT Information Security & Privacy
- Completes and coordinates with Cash and Treasury Services a single Security Assessment Questionnaire (SAQ) for the University.
- Provides guidance and support to the merchants' PCI DSS compliance efforts from a technical perspective.
- Makes recommendations on how to implement compensating controls that will meet particular PCI DSS requirements.
- Provides application and website vulnerability scanning. This can also be done at the system level.
- Assists merchants and Cash and Treasury Services in responding to a possible breach and in the breach investigation.
- Provides information regarding the overall health of the operating system, application services and patch level of their systems.

33 Virtual Terminals and PCI Compliance
A virtual terminal is a web-based application that allows merchants to accept credit card payments using their Internet-connected computers. Like the traditional credit card terminals that you see at most retail stores, virtual terminals can accept both swiped and keyed transactions. Virtual terminal workstations must be segmented and secured. A merchant must meet the following criteria:
- Merchant's only payment processing is via a virtual terminal accessed by an Internet-connected web browser.

34 Virtual Terminals and PCI Compliance
- Merchant accesses the virtual terminal via a computer that is isolated in a single location and is not connected to other locations or systems within your environment.
- Merchant's virtual terminal solution is provided and hosted by a PCI DSS validated third-party service provider.
- Merchant's computer does not have software installed that causes cardholder data to be stored (for example, there is no software for batch processing or store-and-forward).
- Merchant's computer does not have any attached hardware devices that are used to capture or store cardholder data (for example, there are no card readers attached).

35 Virtual Terminals and PCI Compliance
- Merchant does not otherwise receive or transmit cardholder data electronically through any channels (for example, via an internal network or the Internet).
- Merchant does not store cardholder data in electronic format.
- If the merchant does store cardholder data, such data is only in paper reports or copies of paper receipts and is not received electronically.

36 Credit Card Payments
Nearly one-third (30%) of students put tuition on their credit card, an increase from 24 percent in the previous study. 84% of the student population overall have credit cards. 92% of undergraduate credit cardholders charged textbooks, school supplies, or other direct education expenses, up from 85% when the study was conducted in 2004.
Source: Sallie Mae, "How Undergraduate Students Use Credit Cards", April 2009

37 Credit Card Payments
Current credit card payment methods on campus:
- Point of Sale Terminals
- E-commerce & Online Payment

38 Credit Card Payments
In FY 2012, Clemson University merchants processed:
- Total Transactions (Online and POS): 201,731
- Total Revenue (Online and POS): $53,042,
- Number of Merchants: 110

39 What Gets Overlooked? Paper

40 What Gets Overlooked? People

41 What Gets Overlooked? Process PCI Compliance Cycle

42 Accepting Credit Cards on Campus
Thinking of taking payment cards or changing your current process? Contact Cash and Treasury Services first. Do not go it alone.
- The state of South Carolina mandates who we can use for credit card processing. PayPal accounts and devices like Square for your iPad or iPhone cannot be used.
- Our current credit card processing companies are FirstData, TouchNet and Official Payments.
- Contact Cash and Treasury Services for the current credit card rates charged by FirstData, TouchNet and Official Payments.
- Clemson University accepts American Express, Discover, MasterCard and Visa.

43 Just Remember... Data Security is an ongoing process
- Recognize the risks at all levels to your department.
- Understand what you can do to be proactive.
- Determine what behaviors and processes may have to change.

44 Want to know more? Resources
PCI for Merchants: https://www.pcisecuritystandards.org/merchants/index.php
PCI Data Security Standards: https://www.pcisecuritystandards.org/security_standards/index.php
CU Network Security Policy: rity.html

45 Points of Contact
Has data been compromised? The first 24 hours are critical! Contact: Office of Information Security and Privacy, and Cash and Treasury Services, Banking and Payment Card Coordinator.

46 Points of Contact A confidential Ethics Line is provided as a service to assist any member of the University community with reporting concerns or issues about questionable practices. These may include fraud, theft, conflicts of interest, abuse of assets or property, or violations of laws or regulations. Toll Free: ( FRAUD) Available 24 hours a day, seven days a week. Leave a message. or

47 Questions

48 PCI Compliance Training Questions
1) What does PCI-DSS stand for?
A) Protect Computer Identity-Data Security Standard
B) Payment Card Industry-Data Security Standard
C) Payment Card Industry-Data Safety Standard
D) Payment Card Identification-Develop Security Service

49 PCI Compliance Training Questions
1) What does PCI-DSS stand for?
A) Protect Computer Identity-Data Security Standard
B) Payment Card Industry-Data Security Standard
C) Payment Card Industry-Data Safety Standard
D) Payment Card Identification-Develop Security Service
Answer: B. Incorrect. Good try. PCI-DSS stands for Payment Card Industry-Data Security Standard.

50 PCI Compliance Training Questions
1) What does PCI-DSS stand for?
A) Protect Computer Identity-Data Security Standard
B) Payment Card Industry-Data Security Standard
C) Payment Card Industry-Data Safety Standard
D) Payment Card Identification-Develop Security Service
Answer: B. Correct. Good job! The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.

51 PCI Compliance Training Questions
1) What does PCI-DSS stand for?
A) Protect Computer Identity-Data Security Standards
B) Payment Card Industry-Data Security Standards
C) Payment Card Industry-Data Safety Standards
D) Payment Card Identification-Develop Security Service
Answer: B. Incorrect. Good try. PCI-DSS stands for Payment Card Industry-Data Security Standard.


53 PCI Compliance Training Questions
2) When was the Payment Card Industry Security Standards Council launched?
A) September 7th, 2003
B) September 7th, 2004
C) September 7th, 2005
D) September 7th, 2006

54 PCI Compliance Training Questions
2) When was the Payment Card Industry Security Standards Council launched?
A) September 7th, 2003
B) September 7th, 2004
C) September 7th, 2005
D) September 7th, 2006
Answer: D. Incorrect. Good try. The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006.



57 PCI Compliance Training Questions
2) When was the Payment Card Industry Security Standards Council launched?
A) September 7th, 2003
B) September 7th, 2004
C) September 7th, 2005
D) September 7th, 2006
Answer: D. Correct. Good job! The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process.

58 PCI Compliance Training Questions
3) The Payment Card Industry Security Standards Council (PCI SSC) breaks merchants up into 4 compliance levels? True or False

59 PCI Compliance Training Questions
3) The Payment Card Industry Security Standards Council (PCI SSC) breaks merchants up into 4 compliance levels? True or False
Answer: True. Correct. Good job! All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period.

60 PCI Compliance Training Questions
3) The Payment Card Industry Security Standards Council (PCI SSC) breaks merchants up into 4 compliance levels? True or False
Answer: True. Incorrect. Good try. All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period.

61 PCI Compliance Training Questions
4) The Self-Assessment Questionnaire (SAQ) is filled out by the merchant? True or False

62 PCI Compliance Training Questions
4) The Self-Assessment Questionnaire (SAQ) is filled out by the merchant? True or False
Answer: True. Correct. Good job! Merchants processing credit cards are required to complete the SAQ annually.

63 PCI Compliance Training Questions
4) The Self-Assessment Questionnaire (SAQ) is filled out by the merchant? True or False
Answer: True. Incorrect. Good try. Merchants processing credit cards are required to complete the SAQ annually.

64 PCI Compliance Training Questions
5) There are 6 requirements for PCI-DSS compliance? True or False

65 PCI Compliance Training Questions
5) There are 6 requirements for PCI-DSS compliance? True or False
Answer: False. Correct. Good job! PCI DSS is a set of 12 requirements designed to enhance the security of data in credit card accounts. It helps organizations that process card payments prevent credit card fraud, hacking, and other security threats. The PCI DSS requirements apply to any company that stores, processes, or transmits Primary Account Numbers (PANs).

66 PCI Compliance Training Questions
5) There are 6 requirements for PCI-DSS compliance? True or False
Answer: False. Incorrect. Good try. PCI DSS is a set of 12 requirements designed to enhance the security of data in credit card accounts. It helps organizations that process card payments prevent credit card fraud, hacking, and other security threats. The PCI DSS requirements apply to any company that stores, processes, or transmits Primary Account Numbers (PANs).

67 PCI Compliance Training Questions
6) Which of the following is a Clemson University PCI Compliance best practice?
A) Keep payment card data confidential
B) Computer systems that process payment cards must be behind a firewall
C) Render sensitive cardholder data unreadable anywhere it is stored
D) All of the above

68 PCI Compliance Training Questions
6) Which of the following is a Clemson University PCI Compliance best practice?
A) Keep payment card data confidential
B) Computer systems that process payment cards must be behind a firewall
C) Render sensitive cardholder data unreadable anywhere it is stored
D) All of the above
Answer: D. Incorrect. Good try. They are all considered Clemson University PCI Compliance best practices.



71 PCI Compliance Training Questions
6) Which of the following is a Clemson University PCI Compliance best practice?
A) Keep payment card data confidential
B) Computer systems that process payment cards must be behind a firewall
C) Render sensitive cardholder data unreadable anywhere it is stored
D) All of the above
Answer: D. Correct. Good job! They are all considered Clemson University PCI Compliance best practices.

72 PCI Compliance Training Questions
7) You can send cardholder information via e-mail? True or False

73 PCI Compliance Training Questions
7) You can send cardholder information via e-mail? True or False
Answer: False. Incorrect. Good try. If you are sending out card data or sensitive information by e-mail, you must always ensure that you encrypt it. If you do not have encrypted e-mail you cannot send cardholder information via e-mail.

74 PCI Compliance Training Questions
7) You can send cardholder information via e-mail? True or False
Answer: False. Correct. Good job! If you are sending out card data or sensitive information by e-mail, you must always ensure that you encrypt it. If you do not have encrypted e-mail you cannot send cardholder information via e-mail.

75 PCI Compliance Training Questions
8) Which of the following is a PCI Compliance responsibility for the merchant?
A) Complete the Self-Assessment Questionnaire
B) Development of a departmental credit card data information security policy, procedures or plan
C) Attend annual PCI DSS Compliance Training
D) All of the above

76 PCI Compliance Training Questions
8) Which of the following is a PCI Compliance responsibility for the merchant?
A) Complete the Self-Assessment Questionnaire
B) Development of a departmental credit card data information security policy, procedures or plan
C) Attend annual PCI DSS Compliance Training
D) All of the above
Answer: D. Incorrect. Good try. They are all considered PCI Compliance responsibilities for the merchant.



79 PCI Compliance Training Questions
8) Which of the following is a PCI Compliance responsibility for the merchant?
A) Complete the Self-Assessment Questionnaire
B) Development of a departmental credit card data information security policy, procedures or plan
C) Attend annual PCI DSS Compliance Training
D) All of the above
Answer: D. Correct. Good job! They are all considered PCI Compliance responsibilities for the merchant.

80 PCI Compliance Training Questions
9) A virtual terminal workstation can be located in an open area for anyone to use? True or False

81 PCI Compliance Training Questions
9) A virtual terminal workstation can be located in an open area for anyone to use? True or False
Answer: False. Incorrect. Good try. Virtual terminal workstations must be segmented and secured.

82 PCI Compliance Training Questions
9) A virtual terminal workstation can be located in an open area for anyone to use? True or False
Answer: False. Correct. Good job! Virtual terminal workstations must be segmented and secured.

83 PCI Compliance Training Questions
10) PayPal or devices like Square can be used to accept payments on campus? True or False

84 PCI Compliance Training Questions
10) PayPal or devices like Square can be used to accept payments on campus? True or False
Answer: False. Incorrect. Good try. Clemson University is mandated by the state of South Carolina to use certain credit card processors. The state works with the credit card processing company to get the best credit card rates.

85 PCI Compliance Training Questions
10) PayPal or devices like Square can be used to accept payments on campus? True or False
Answer: False. Correct. Good job! Clemson University is mandated by the state of South Carolina to use certain credit card processors. The state works with the credit card processing company to get the best credit card rates.

86 Thank you for taking the PCI Compliance Training.
Need more help? Contact Cathy Freeman at or

87 To acknowledge that you have read and completed the online PCI Compliance training, continue to the website below. Clemson.edu/esig

