Langara College PCI Awareness Training


1 Langara College PCI Awareness Training

2 Have you heard of PCI? Due to the increase of credit card fraud and identity theft, major credit card companies like Visa, MasterCard and Amex have formed a security council called the Payment Card Industry Security Standards Council (PCI-SSC). PCI-SSC’s mission is to enhance payment card data security to minimize credit card fraud worldwide. For more information about PCI-SSC please visit their website at:

3 Awareness is key for preventing payment card fraud!
PCI-SSC: The PCI Council was formed to protect cardholder data by educating merchants and the public about PCI security. PCI has established 12 high-level security standards consisting of up to 254 stringent requirements that merchants worldwide must achieve and maintain.

4 Welcome to PCI awareness training
Welcome to Payment Card Industry (PCI) awareness training on secure credit and debit card handling practices at Langara College. PCI Data Security Standards (PCI DSS) encompasses both credit and debit cards. For the purposes of this training, reference is made to payment cards, which means both credit and debit cards. This training will provide you with information on what you need to know as a Langara employee, and also how to protect your own payment cards.

5 Who needs training?
To achieve and maintain PCI compliance requirements, the following training must be completed annually by:
- New and existing employees that handle and/or process payment cards.
- New and existing employees that MAY come in contact with payment card numbers or information.

6 Before we get started
- This module contains an overview of secure payment card handling practices.
- This lesson is interactive and audio-free.
- Please advance through the 22 slides using the PLAY (advance arrow) button located at the bottom left of the page.
- Estimated time to complete the presentation is 10 minutes.

7 You play a crucial role in protecting Langara from credit and debit card fraud
To ensure we process payment card transactions safely and securely, we developed this training to educate employees on:
- Why credit and debit card security is important
- What the PCI project is all about
- What the risks might be if Langara experienced a breach
- What precautions employees should take when handling payment card information

8 Have you ever thought about…
- How many credit cards you have in your wallet?
- How often you use your credit or debit card to purchase goods or services?
- How many credit cards you process or handle each day?
- If you’re using a credit card safely?

9 Why should secure payment card handling be important to you?
- Every year 540,400 Canadians suffer financial loss due to credit card fraud.
- The convenience of online purchasing has increased the exposure of credit card information and personal data to hackers.
- Victims of fraud can experience huge financial losses, invasion of privacy and identity theft.
- Safe and secure credit card handling is everyone’s responsibility.

10 Is your information secure?
Between April and September 2014, Home Depot was hacked by unauthorized user(s), compromising over 56 million credit cards and user accounts.
Other notable cases:
- 36% of Canadian companies in a study had experienced one or more cyber attacks in 2014
- 40 million customers affected
- 1.16 million credit cards affected
- 2.6 million credit cards affected

11 How do hackers steal information?
Techniques:
- Phishing – emails that direct you to enter your personal information in a fake website that “looks” legitimate.
- Spyware – used to intercept or take control of your computer.
- Skimming – RFID readers can be used to create a duplicate of your credit card.
- Hacking – unauthorized access of your computer network.

12 How does PCI apply to my work?
College Policy establishes guidelines to protect Langara from possible repercussions of non-compliance including:
- Revocation of credit card acceptance privileges and resulting effects on business operations
- Fraudulent manipulation of cardholder data
- Damage to Langara’s reputation
- Potential legal issues and insurance claims
- Substantial card issuer fines
- Loss of customer trust
Help protect the college’s business and reputation by recognizing your responsibilities in safe credit card handling!

13 Why is PCI important?
Departments such as the Registrar’s Office, International Education, Continuing Studies, the Bookstore and Financial Services accept credit and debit card payments. To protect the Langara community, every business unit that comes into contact with payment card transactions must follow secure card handling procedures. In order to continue accepting payment cards, we must adhere to the security standards established by the PCI Council.

14 Why is PCI important? (Cont’d)
- 94% of PCI DSS compliant companies say compliance improves their relationship with business partners
- $100K+: potential cost of monthly fines for non-compliance with PCI requirements
- $5.5M: average cost of a data breach
- 2.35 years: average time it takes merchants to become PCI compliant

15 How do we process credit cards?
Langara uses PIN Pads for in-person transactions and various third-party applications to process online credit card payments. A PIN Pad is an electronic device used to input and encrypt the cardholder’s Personal Identification Number (PIN) for debit and credit card transactions. PIN Pads are also known as: stand-alone terminals, credit/debit machines, POS devices/Point of Sale terminals, Moneris devices.

16 Keeping our PIN Pads & Payment Processing Equipment Secure
To help keep our PIN Pads and payment processing equipment secure:
- Check daily to ensure the PIN Pad is safeguarded against tampering or replacement with a fraudulent device
- Only allow authorized staff to operate credit card handling equipment
- Ensure the credit card terminal truncates the card account number so that only the last 4 digits are visible

17 Do Not Store Payment Card Data
NEVER save and store payment card data in:
- Electronic files such as Excel, Word, PowerPoint or Shared drive folders, on your desktop or personal folders
- A document: if you write down a credit card number, destroy or delete it immediately after the transaction

18 Phone Transactions
When accepting credit card information over the phone, ensure:
- The credit card number is entered into a PIN Pad device or online third party payment application
- If written down, the credit card number is destroyed or deleted immediately after processing the transaction
- The credit card number is not saved in a document

19 In-person transactions
In-person credit card payments require that:
- The credit card be present at the time of payment.
- The credit card be inserted into the PIN Pad device if it contains chip technology, and a PIN be entered.
- The card be swiped if it does not have chip technology, and a signature be provided.
- Credit card numbers not be manually entered into a PIN Pad device for in-person transactions.

20 Keeping current on PCI
It is important for all Langara employees that handle or may come in contact with credit card information to keep up with any changes that affect credit card security by reviewing this online information annually. Langara has current policy and procedures for handling credit and debit cards ( The best way to ensure you’re up to date is to visit Langara’s PCI website ( You can also check out the PCI website at: If you are aware of any areas or new processes where cardholder data exists and/or is not being adequately secured, please talk to your manager and review Langara’s current policy and procedures (see link above).

21 Keeping current on PCI: PCI Project
The project objectives are to ensure Langara is compliant with PCI requirements by implementing new processes, or enhancing current ones, to secure credit and debit card transactions. One of the strategies for PCI compliance is to outsource the processing of credit card information to a third party, which reduces the work that Langara must do to ensure compliance. If a credit card breach were to occur, the consequences would affect all business units within the college.
Current project status (as of July 2015):
- Initial assessment complete
- Analysis and documentation of non-compliant areas complete
- Employee Security awareness training started in Fall 2015
- Analysis and implementation of solutions for non-compliant areas in progress
For more information, please visit the project website:

22 Congratulations! You have completed your annual PCI online awareness information review. By reviewing this online module you acknowledge and understand the information presented. If you have any questions regarding the information provided in this online module or do not understand the implications of the policy, please contact Financial Services.

