Presentation on theme: "Lessons Learned Data and Asset Security FOCUS Spring 2006 Chuck Banner UVA-Wise."— Presentation transcript:
Lessons Learned Data and Asset Security FOCUS Spring 2006 Chuck Banner UVA-Wise
Primary Areas of Interest Banking Credit Cards Cash Handling Web Based Transactions
Banking Unauthorized Checking Accounts Recognized Student Organizations Student Groups Faculty Sponsored Groups
Banking SSteps to take for unauthorized checking accounts: Annually review with all local banks any use of tax identification numbers Talk with student organizations about their options for handling their finances Remind faculty members of the liabilities involved with improper use of tax identification number and the repercussions
Credit Cards Where are they on my campus? Who is responsible for them on my campus? What has been done to properly monitor usage? How are transactions being processed?
Credit Cards Proper training of all areas which accept credit cards for payment Working knowledge of PCI-DSS Annual required training on PCI-DSS Ensure compliance with college, university and Department of Accounts (DOA) policies and procedures
Credit Cards Proper installation of terminals Establish user codes to identify the user who processed the transaction Require training of any new employee who processes credit card transactions Conduct annual “reviews” of campus wide credit card locations
Cash Handling Ensure all areas which handle cash or checks are familiar with the depositing requirements Some Examples: An area holding deposits taken during spring orientations until summer A professor collecting educational “trip” deposits and holding funds until the time to pay for the trip
Cash Handling Keep your eyes and ears out for “Petty Cash” funds Listen to students, faculty, and staff. You can learn many things. Sometimes the guilty will tell on themselves. Verify authorized petty cash accounts and amounts regularly
Cash Handling Departmental “Materials” Charges Look at departments that have consumable items Once again listen to students
Web Based Transactions Areas taking credit card transactions via the web seem to crop up overnight When credit cards are being used the customer needs to know who they are dealing with
Web Based Transactions Some questions need to be asked about these transactions: Who authorizes areas to use a third party vendor to handle these transactions? How will the college or university receive any funds collected? How will you verify whom the funds are for and how they are to be applied?