Merchant Accounts Updates
System down? Voice Authorization: 1.800.936.2632 – Need MID.
Questions on accounts? DST: 1.800.228.5882, 24/7 service
– Statement issues
– Authorization problems
– Supplies
Bursar Support Services
– Dial Pay
– Wireless Terminal
– POS
Frequently Asked Questions
Service Charges
– No. Varied rules between Visa and other card brands. Flat fee versus %.
– May be some legislation changes
– No service charge encourages prompt payment customer response
Establishing minimum charge amount
– Card organizations forbid you from establishing any transaction dollar limits.
More FAQs
Requiring pictured identification
– Card organizations state the credit card sale cannot be turned down due to lack of picture ID.
Phone authorization
Card not signed
Suspected counterfeit card
Fax Machines & Laptops
MOTOs - Virtual Terminals & Dial Pay
Reducing Credit Card Fees
Enter the correct zip code when a card number must be hand-keyed.
Card not present transactions
– Use the AVS (address verification service)
– Answer all terminal prompted questions
– Use an invoice number, enter the last four digits of the card number for reference
Clean card readers regularly so they capture all magnetic stripe information. One way to do this is to wrap a dollar bill around a card and swipe it through the terminal a few times.
PCI DSS Compliance
Payment Card Industry Data Security Standard: 225 specifics governing technical & operational processes
Consequences:
– Large monetary fines
– Restrictions on merchant processing
– Loss of privilege
Merchant Responsible Persons are responsible for ALL of them
SAQ Validation
What have we learned? That in this case, left is always better!
Upcoming Third Party SAQ Validation Audit
– All SAQ C’s will be reviewed thoroughly!
– SAQ A’s & B’s will be sampled.
– PCI File Review
    Written Department Policies
    Copy of Completed SAQ in File
    Process Map
    Successful Vulnerability Scans (if applicable)
    Merchant Agreement
Campus PCI Self Assessment Questionnaire
– Annual
– A great % of merchants have completed
Security Policies/Procedures
– Departmental
– Campus
Compliance Failures
– Shopping cart, operating systems and other patches
– Firewall rule review
– Segmentation / flat networks
– Look for an alternative (“Move to the left”)
– Keep MOTO to Dial Pay or Point of Sale Terminal
– Paper processes
– Lack of written department policies
– Discovering sensitive information in storage/old files etc.
An Internet Web Site provided by the state shall contain a privacy statement to disclose the information gathering and dissemination practices related to the Internet. The Privacy Statement shall describe at a minimum the following:
– Notice regarding what services the web site provides
– A person’s ability to choose to proceed with the transaction and the alternatives available
– Who has access to the information the person provides
– What security measures are in place to protect the person’s private information and what information will be protected.
http://security.arizona.edu/privacy_statement
Departments that have written their own
– Eller: http://www.eller.arizona.edu/privacy.asp
– Bookstore (link at bottom left of page): http://www.uofabookstores.com/uaz/
– College of Agriculture and Life Sciences: http://ag.arizona.edu/general/privacy.html
– Human Resources: http://www.hr.arizona.edu/09_rel/privacy.php
Department-specific intro paragraph linked to UA’s Electronic Privacy Statement
– UA Facilitators: http://askus.arizona.edu/privacy.shtml
– Library: http://www.library.arizona.edu/about/access/privacy.html
– Southwest Asthma & Allergy (AHSC): http://allergy.peds.arizona.edu/southwest/
Other
– Office of Enrollment Management: https://admissions.arizona.edu/policy/privacy.aspx
– Student Unions: http://www.union.arizona.edu/privacy.php
If compromise is computer based
– Disconnect computer from internet
– Do not turn computer off or reboot
– Do not run antivirus
Immediately contact:
– Department IT Support Person
– Information Security Office, 621-UISO (8476), firstname.lastname@example.org
– Or FSO Bursar’s Merchant Liaison Robbyn Lennon, 621-5781
Awareness Presentations
– Mandatory All Employee Awareness
– Visa’s Business Guide to Data Security: link available on security.arizona.edu/pci under section 4 entitled “Implementation”
– Department Specific Awareness Session
Other Awareness
– UA.infosec monthly newsletter
– Email communications sent via merchant listserv