Merchant Accounts Updates
– System down? Voice authorization – you will need your MID (merchant ID).
– Questions on accounts? DST 24/7 service – statement issues – authorization problems – supplies
– Bursar Support Services – Dial Pay – wireless terminal – POS
Frequently Asked Questions
Can we add a service charge?
– No. The rules vary between Visa and the other card brands (flat fee versus percentage), and legislation may change; not charging a service fee also encourages prompt customer payment.
Can we establish a minimum charge amount?
– No. The card organizations forbid merchants from setting any transaction dollar limits.
More FAQs
Can we require picture identification?
– No. The card organizations state that a credit card sale cannot be turned down because the customer lacks picture ID.
Other topics covered: phone authorization; card not signed; suspected counterfeit card; fax machines and laptops; MOTO (mail order / telephone order) – virtual terminals and Dial Pay.
Reducing Credit Card Fees
– Enter the correct zip code when a card number must be hand-keyed.
– Card-not-present transactions: use AVS (address verification service) and answer all terminal-prompted questions.
– Use an invoice number; enter the last four digits of the card number for reference.
– Clean card readers regularly so they capture all of the magnetic stripe data. One way to do this is to wrap a dollar bill around a card and swipe it through the terminal a few times.
PCI DSS Compliance
Payment Card Industry Data Security Standard: 225 specific requirements governing technical and operational processes.
Consequences of non-compliance:
– Large monetary fines
– Restrictions on merchant processing
– Loss of the privilege to accept cards
Merchant Responsible Persons are responsible for ALL of them.
Payment Methods & Validation Requirements
SAQ Validation
What have we learned? That in this case, left is always better (SAQ A carries fewer requirements than B, and B fewer than C).
Upcoming third-party SAQ validation audit:
– All SAQ C's will be reviewed thoroughly.
– SAQ A's and B's will be sampled.
– PCI file review: written department policies; copy of the completed SAQ in the file; process map; successful vulnerability scans (if applicable); merchant agreement.
Campus PCI Self-Assessment Questionnaire
– Annual
– A great percentage of merchants have completed it
Security Policies/Procedures
– Departmental
– Campus
Compliance Failures
– Shopping cart, operating system and other patches not applied
– Firewall rule review
– Segmentation / flat networks
– Look for an alternative ("move to the left")
– Keep MOTO to Dial Pay or a point-of-sale terminal
– Paper processes
– Lack of written department policies
– Discovering sensitive information in storage, old files, etc.
An Internet web site provided by the state shall contain a privacy statement disclosing the information gathering and dissemination practices related to the Internet. The privacy statement shall describe at a minimum the following:
– Notice regarding what services the web site provides
– A person's ability to choose to proceed with the transaction, and the alternatives available
– Who has access to the information the person provides
– What security measures are in place to protect the person's private information, and what information will be protected
Departments that have written their own privacy statement:
– Eller Bookstore (link at bottom left of page)
– College of Agriculture and Life Sciences
– Human Resources
Departments with a department-specific intro paragraph linked to UA's Electronic Privacy Statement:
– UA Facilitators
– Library
– Southwest Asthma & Allergy (AHSC)
Other:
– Office of Enrollment Management: https://admissions.arizona.edu/policy/privacy.aspx
– Student Unions
If the compromise is computer based:
– Disconnect the computer from the network (pull the network cable or disable wireless).
– Do not turn the computer off or reboot it; powering down destroys evidence held in memory.
– Do not run antivirus; a scan alters or deletes files the forensic investigation will need.
Immediately contact:
– Your department IT support person
– Information Security Office, 621-UISO (8476)
– Or the FSO Bursar's Merchant Liaison, Robbyn Lennon
Awareness Presentations
Mandatory:
– All-employee awareness: Visa's Business Guide to Data Security (link available on security.arizona.edu/pci under section 4, "Implementation")
– Department-specific awareness session
Other awareness:
– UA.infosec monthly newsletter
– Communications sent via the merchant listserv
Resources
– Kelley Bogart – ISO
– Robbyn Lennon – FSO-Bursar's
– Security Metrics – Securitymetrics.com
– BankofAmerica.com/merchantsupport
– https://www.pcisecuritystandards.org/
– Prioritized Approach for DSS: https://www.pcisecuritystandards.org/education/prioritized.shtml
– PCI Quick Reference Guide: https://www.pcisecuritystandards.org/pdfs/pci_ssc_quic
Certificate of Attendance
Annual Campus Merchant Awareness Training, October 19, 2010
__________________ Robbyn Lennon, FSO-Bursar's
______________________ Kelley Bogart, UA Info Sec