Welcome to the 2010 Annual Campus Merchant Awareness Training Meeting.

Presentation on theme: "Welcome to the 2010 Annual Campus Merchant Awareness Training Meeting."— Presentation transcript:

1 Welcome to the 2010 Annual Campus Merchant Awareness Training Meeting

2 Agenda Introductions Merchant Account Updates FAQ’s Reducing Credit Card Fees PCI Compliance Campus Information Security Office Resources

3 Merchant Accounts Updates
System down? - Voice Authorization - 1.800.936.2632 – Need MID.
Questions on Accounts? DST 1.800.228.5882 - 24/7 service
  – Statement issues
  – Authorization Problems
  – Supplies
Bursar Support Services
  – Dial Pay
  – Wireless Terminal
  – POS

4 Merchant Accounts Updates
Terminals
Fraud Control - http://usa.visa.com/merchants/risk_management/index.html
PCI Compliance PCI-DSS 2.0 update
New details required to open new accounts - Consumer Data Privacy Policy

5 Frequently Asked Questions
Service Charges
  – No - Varied rules between Visa and other card brands. Flat fee versus %.
  – May be some legislation changes
  – No service charge encourages prompt payment customer response
Establishing minimum charge amount
  – Card organizations forbid you from establishing any transaction dollar limits.

6 More FAQ’s
Requiring pictured identification
  – Card organizations state the credit card sale cannot be turned down due to lack of picture id.
Phone authorization
Card not signed
Suspected counterfeit card
Fax Machines & Laptops
MOTO’s - Virtual Terminals & Dial Pay

7 Reducing Credit Card Fees
Enter the correct zip code when a card number must be hand-keyed.
Card not present transactions
  – Use the AVS – address verification service
  – Answer all terminal prompted questions
  – Use an invoice number, enter the last four digits of the card number for reference
Clean card readers regularly so they capture all magnetic stripe information. One way to do this is to wrap a dollar bill around a card and swipe it through the terminal a few times.

8 PCI-DSS Compliance
Payment Card Industry - Data Security Standard - 225 specifics governing technical & operational processes
Consequences:
  – Large Monetary fines
  – Restrictions on merchant processing
  – Loss of privilege
Merchant Responsible Persons are responsible for ALL of them

9 http://security.arizona.edu/pci

10 Payment Methods & Validation Requirements

11 SAQ Validation
What Have We Learned? - That in this case - Left is always better!
Upcoming Third Party SAQ Validation Audit
  – All SAQ C’s will be reviewed thoroughly!
  – SAQ A’s & B’s will be sampled.
  – PCI File Review: Written Department Policies; Copy of Completed SAQ in File; Process Map; Successful Vulnerability Scans (if applicable); Merchant Agreement

12 Campus PCI
Self Assessment Questionnaire
  – Annual
  – A great % of merchants have completed
Security Policies/Procedures
  – Departmental
  – Campus

13 Compliance Failures
  – Shopping Cart, Operating Systems and Other Patches
  – Firewall Rule Review
  – Segmentation / flat networks
  – Look for an alternative (“Move to the left”)
  – Keep MOTO to Dial Pay or Point of Sale Terminal
  – Paper processes
  – Lack of written department policies
  – Discovering sensitive information in storage/old files etc.

14 Privacy Policy Incident Reporting Awareness Questions

15 An Internet Web Site provided by the state shall contain a privacy statement to disclose the information gathering and dissemination practices related to the Internet. The Privacy Statement shall describe at a minimum the following:
  – Notice regarding what services the web site provides
  – A person’s ability to choose to proceed with the transaction and the alternatives available
  – Who has access to the information the person provides
  – What security measures are in place to protect the person’s private information and what information will be protected.
http://security.arizona.edu/privacy_statement

16 Departments that have written their own
  – Eller: http://www.eller.arizona.edu/privacy.asp
  – Bookstore (link at bottom left of page): http://www.uofabookstores.com/uaz/
  – College of Agriculture and Life Sciences: http://ag.arizona.edu/general/privacy.html
  – Human Resources: http://www.hr.arizona.edu/09_rel/privacy.php

17 Departments specific intro paragraph linked to UA’s Electronic Privacy Statement
  – UA Facilitators: http://askus.arizona.edu/privacy.shtml
  – Library: http://www.library.arizona.edu/about/access/privacy.html
  – Southwest Asthma & Allergy (AHSC): http://allergy.peds.arizona.edu/southwest/
Other
  – Office of Enrollment Management: https://admissions.arizona.edu/policy/privacy.aspx
  – Student Unions: http://www.union.arizona.edu/privacy.php

18
  – Know what the UA’s Electronic Privacy Statement says
  – Department specific Privacy Policy needs to include specific information that differs from the UA’s Privacy Statement
  – Department specific Privacy Policies that include more than an introductory paragraph linking to UA’s Electronic Privacy Statement should be reviewed by legal
  – Easy to find department contact information

19 If Compromise is computer based
  – Disconnect computer from internet
  – Do not turn computer off or reboot
  – Do not run Antivirus
Immediately contact:
  – Department IT Support Person
  – Information Security Office 621-UISO (8476) iso@u.arizona.edu
  – Or FSO Bursar’s Merchant Liaison Robbyn Lennon 621-5781

20 Awareness Presentations Mandatory All Employee Awareness Visa’s Business Guide to Data Security – link available on security.arizona.edu/pci under section 4 entitled “Implementation” Department Specific Awareness Session Other Awareness UA.infosec monthly newsletter Email communications sent via merchant listserv

21

22 Resources
  – Kelley Bogart – ISO - 626.8232
  – Robbyn Lennon – FSO-Bursar’s - 621.5781
  – Security Metrics – Securitymetrics.com
  – BankofAmerica.com/merchantsupport
  – https://www.pcisecuritystandards.org/
Prioritized Approach for DSS 1.2 - https://www.pcisecuritystandards.org/education/prioritized.shtml
PCI Quick Reference Guide https://www.pcisecuritystandards.org/pdfs/pci_ssc_quic

23 Certificate of Attendance Annual Campus Merchant Awareness Training October 19, 2010 __________________ ______________________ Robbyn Lennon Kelley Bogart FSO-Bursar’s UA Info Sec

