Presentation is loading. Please wait.

Presentation is loading. Please wait.

Accepting Credit Cards and PCI Compliance

Similar presentations

Presentation on theme: "Accepting Credit Cards and PCI Compliance"— Presentation transcript:

1 Accepting Credit Cards and PCI Compliance
What are the Requirements? Information Session

2 Agenda Who Key Players What PCI Compliant Why World events When Now
Where All campus How Education/Work If you are a merchant that accepts credit cards cards, you are required to be compliant with the Payment Card Industry Data Security Standards or PCI DSS

3 Who Key Players Moneris Solutions
PCI Security Standards Council (who oversee the Payment Card Information Data Security Standards (PCI DSS)) Merchants - MUN and MUN Depts

4 Who Moneris Solutions Moneris Solutions is a joint investment between RBC Royal Bank and BMO Bank of Montreal that was launched in December 2000. Transaction processing is their business; VISA, Mastercard, Debit They provide a full range of service and products from point of sale terminals to full e-commerce solutions. Quote from web page: “Moneris is the industry leader in payment processing because we focus all our efforts on the three key elements of payment processing - technology, innovation and people “ Moneris is the supplier to Memorial for all our credit card processing; no other company is allowed to be used.

5 Who PCI Security Standards Council
Founded in 2006 by some of the largest credit card companies including VISA and Mastercard Responsible for PCI Security Standards The payment card companies themselves would levy any fines and penalties that arise due to non compliance. The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

6 Who Memorial University
We accept credit cards We are required to be PCI DSS Compliant

7 What Payment Card Information Data Security Standards (PCI DSS)
Started by combining VISA and Mastercard account and cardholder security programs The result is a set of 12 requirements The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa's Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard's Site Data Protection (SDP) program, the standard provides an actionable framework for developing a robust account data security process - including preventing, detecting and reacting to security incidents. The updated version, version 1.1, developed by the founding members of the PCI Security Standards Council, became effective with the launch of the PCI Security Standards Council. Show video Look at #1 document

8 Why How did we get here? The electronic age makes merchants the new target for financial fraud Lax security by a merchant enables criminals to steal and use consumer financial information from payment card transactions and processing systems

9 Why Fraud Sony admitted that the personal details of 77M users were hacked. Winners and HomeSense parent, TJX Co. lost millions of customers information to hackers. Brock University lost personal information of donors to unauthorized access.

10 When Timing MUN has been “working” on this since 2007
Still working towards total compliance

11 Where At MUN Who is responsible?
Everyone (locally to a dept; or centrally) Person who handles the hardware (credit card machine) Person who accepts a credit card as payment Person who designs a web page to accept credit cards Person who looks after MUN’s databases MUN’s Security Officer Centrally means it’s a C&C responsibility or MUN Security Officier; or Moneris Administrator; or Financial and Administrative Services Locally means the dept who has the machine; credit card acceptance is decentralized so each dept that requests to accept credit card by any method accepts this responsibility.

12 How What to Secure? Electronic connections/transmission
Hardware – Machines Electronic storage of records Paper based storage of records What to Secure? Focus on protecting cardholder data under your control You are responsible for protecting cardholder data at the point of sale, and as it flows into the payment system. The best step you can take is to not store any cardholder data. Compliance with the PCI standard includes protecting: Card readers Point of sale systems Store networks & wireless access routers Payment card data storage and transmission Payment card data stored in paper-based records

13 How Types of Connections
Connectivity (central responsible) Telephone lines IP lines over the internet Virtual terminal Pin pads (connected to a computer)

14 How Hardware – Machines
Security of Hardware hand held machines It must be secure (locally) Used properly (swipe; chip) (locally) Up to date technology and security (centrally) These are the hand held machines; pin pads; portable. Behind a counter, under the counter; not in view or reach of the public. You can get a tether to have it attached. Wireless are less secure so more precautions must be taken with them. Technology and security – Moneris will ensure we have the up to date machine required. See documents # 2, 3, 4, 5 ,6

15 How Electronic storage of records (Centrally)
Credit card numbers; CVC’s Current system do not “capture” these details Do not “manually” capture” What are reasons credit card number and details would be written down? Ask attendees.

16 How Security Features Chip PAN – Primary Account number Expiry date
CID – Amex Magnetic stripe CA2/CID/CVC2/CVV2 (Discover/ JCB/Mastercard/Visa)

17 How Paper based storage of records
Credit card numbers; CVC’s Never maintained (locally) If written down; ensure in secure place until shredded or at cashiers office (locally)

18 How Awareness Face to Face
Suspicious customer behaviour Card security features and Proper processing procedures Code 10 authorizations Fraud Prevention begins with keeping your eyes and ears open. Signs of suspicious customer behaviour can include: Customer has randomly collected merchandise without the usual care Customer may appear nervous or in a hurry The customer may take the card from their pocket instead of their wallet and the signatures may not match Customer makes large, random, expensive purchases

19 How Credit Card itself All cards are designed with special security features to deter counterfeiting and alteration. When you are presented with a card, look for the following elements: On the front Verify the match of print and embossing Embossing Hologram Valid Date Compare account numbers On the back Signature panel Signature

20 … nothing is more important than keeping your customer’s payment card data secure
We do not want Memorial to be a news story!

21 Questions/Comments/Concerns. Contact: Heather Whelan hjwhelan@mun
Questions/Comments/Concerns? Contact: Heather Whelan Thanks so much for coming. If you have any questions or would like links to any of the sites or information please contact me.

Download ppt "Accepting Credit Cards and PCI Compliance"

Similar presentations

Ads by Google