Credit Cards at Fermilab. Irwin Gaines, Computer Security Awareness Day, 9-Nov-2010.



Many Potential Uses
- Auditorium Committee (tickets to events)
- Recreation Office (gym memberships)
- Ed Center
- Cafeteria
- Chez Leon
- Housing Office
- Conference Office
- Collaboration Meetings

Many Potential Use Cases
- Employee presents actual card
- Member of general public presents card
- Individual reads card number over phone
- Individual types card number into a web page

Significant Constraints
We cannot just do anything we like in processing credit cards!!
- E-Gov Act requires us to not collect any personal information about members of the general public
- PII requirements demand that we do not have any credit card information on lab computers
- Bank requires that any networks that process credit cards must be audited for PCI compliance (which the general lab network could not do)
- Lab does not want multiple different solutions for the same problem

Credit Card Policy
- The lab computer network cannot be used to transmit credit card information, except by an individual using their own credit card while acting as a customer. This includes contract services such as the cafeteria, shoe truck, eye glass store, etc.
- All credit card transactions accepted by lab employees must be processed using a swiper/keypad provided under the terms of the lab contract administered by the Finance Section.
- All credit card processing services must be arranged under the terms of the labwide contract administered by the Finance Section.

Use cases handled as follows:
1. A customer physically presents a credit card to a lab merchant. The lab merchant must use the swiper/keypad (not a computer!!!) to process the credit card.
2. A customer phones the lab merchant with credit card information. The merchant must use the keypad on the swiper (not a computer!!!) to process the credit card.
3. A customer enters their own credit card information by visiting a site cleared by a 3rd party provider. The customer may be onsite or remote.
4. A customer physically presents a credit card to a contractor (e.g. eye glass vendor, shoe truck, etc.). The contractor cannot use any device attached to the Fermilab network to process the credit card. The two expected mechanisms are a physical imprinter or a swiper/keypad.
Note that these use cases are designed to ensure that a lab merchant never enters a customer's credit card into a computer; they only process credit cards using a swiper/keypad.