Accepting Credit Cards and PCI Compliance What are the Requirements? Information Session
Agenda. Who: Key Players. What: PCI Compliant. Why: World events. When: Now. Where: All campus. How: Education/Work.
Who: Key Players. Moneris Solutions; PCI Security Standards Council (which oversees the Payment Card Information Data Security Standards (PCI DSS)); Merchants - MUN and MUN Depts.
Who: Moneris Solutions. Moneris Solutions is a joint investment between RBC Royal Bank and BMO Bank of Montreal that was launched in December 2000. Transaction processing is their business: VISA, Mastercard, Debit. They provide a full range of services and products, from point-of-sale terminals to full e-commerce solutions.
Who: PCI Security Standards Council. Founded in 2006 by some of the largest credit card companies, including VISA and Mastercard. Responsible for PCI Security Standards. The payment card companies themselves would levy any fines and penalties that arise due to non-compliance.
Who: Memorial University. We accept credit cards. We are required to be PCI DSS compliant.
What: Payment Card Information Data Security Standards (PCI DSS). Started by combining VISA and Mastercard account and cardholder security programs. The result is a set of 12 requirements.
Why: How did we get here? The electronic age makes merchants the new target for financial fraud. Lax security by a merchant enables criminals to steal and use consumer financial information from payment card transactions and processing systems.
Why: Fraud. Sony admitted that the personal details of 77M users were hacked. Winners and HomeSense parent TJX Co. lost millions of customers' information to hackers. Brock University lost personal information of donors to unauthorized access.
When: Timing. MUN has been “working” on this since 2007. Still working towards total compliance.
Where: At MUN. Who is responsible? Everyone (locally to a dept, or centrally): the person who handles the hardware (credit card machine); the person who accepts a credit card as payment; the person who designs a web page to accept credit cards; the person who looks after MUN’s databases; MUN’s Security Officer.
How: What to Secure? Electronic connections/transmission; Hardware – Machines; Electronic storage of records; Paper-based storage of records.
How: Types of Connections. Connectivity (central responsible); Telephone lines; IP lines over the internet; Virtual terminal; Pin pads (connected to a computer).
How: Hardware – Machines. Security of hardware hand-held machines. It must be secure (locally). Used properly (swipe; chip) (locally). Up-to-date technology and security (centrally).
How: Electronic storage of records (centrally). Credit card numbers; CVCs. Current systems do not “capture” these details. Do not “manually” capture.
How: Paper-based storage of records. Credit card numbers; CVCs. Never maintained (locally). If written down, ensure they are kept in a secure place until shredded, or at the cashier's office (locally).
How: Awareness, Face to Face. 1. Suspicious customer behaviour 2. Card security features 3. Proper processing procedures 4. Code 10 authorizations
How: Credit Card itself. All cards are designed with special security features to deter counterfeiting and alteration. When you are presented with a card, look for the following elements. On the front: Verify the match of print and embossing; Embossing; Hologram; Valid date; Compare account numbers. On the back: Signature panel; Signature.
… nothing is more important than keeping your customer’s payment card data secure