CUSTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI-DSS COMPLIANCE)
What is PCI-DSS Compliance and who needs to do this?

Presentation transcript:


PCI-DSS: anyone handling payment card details at UoY must adhere to the Payment Card Industry Data Security Standards. Treat payment card details as you would cash: keep details secure!

Why must we do this?
The University must comply with the PCI DSS rules in order to be approved to accept online card payments, and to continue accepting them. Non-compliance with these standards puts the University at risk of:
- Large monetary fines charged to your department and/or the University
- Loss of merchant status for the department
- Loss of merchant status for the University of York
- Reputational damage
Failure to comply will place the University at risk of having its licence to take card payments revoked and will also be regarded as a disciplinary offence. Non-compliance is not an option!

Where is the information on PCI-DSS?
- On the Finance website, within the Online Store section: click the link text "PCI DSS Compliance (MS Word .docx)" to download it (and save a copy).
- On the YIMS Online Support Centre website at support_main.cfm, under the heading "Online Payments/System Use...".

Compliance requirements
- It is the University's policy not to store credit card numbers on any computer, server, or database. This includes Excel spreadsheets, Word documents, etc.
- Treat payment card receipts as you would cash.
- Keep payment card data secure and confidential.
- Restrict access to card data to "those who need to know".

- Documents containing cardholder data should be kept in a secure environment (i.e. a safe, a locked filing cabinet, etc.).
- Credit card numbers and security numbers must not be requested by email or other messaging technologies, e.g. Facebook, chat, SMS.
- Fax transmittal of cardholder data is permissible only if the receiving fax is located in a secure environment, e.g. the Cash Office.

- Credit card receipts and supporting documentation containing card numbers should have the first 12 digits obliterated immediately after use to confirm payment; they can then be kept for up to 2 years, but no longer.
- Paper receipts and documents should be destroyed so that account information and security numbers are unreadable and cannot be reconstructed.
- Technology changes that affect payment card systems must be approved by the Finance Department prior to being implemented.
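As an added illustration (not part of the slides), a Python check a department could run over a spreadsheet export to find full card numbers that the policy says must not be stored, and to obliterate all but the last four digits (the first 12 of a standard 16-digit number, as the slide describes); the sample export and the function names are constructed for this example.

```python
import re

# Constructed sample export of a departmental receipts spreadsheet; not real card data.
# 4111... is a well-known Luhn-valid test number; the second number fails the Luhn
# check, so it is not a card number and is left untouched.
SAMPLE_EXPORT = """order,amount,card
1001,25.00,4111 1111 1111 1111
1002,40.00,1234567812345678
1003,12.50,contact 01904 32 0000 for refund
"""

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _is_pan(candidate: str) -> bool:
    digits = re.sub(r"[ -]", "", candidate)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)

def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid card numbers found in text, separators stripped."""
    return [re.sub(r"[ -]", "", m.group())
            for m in PAN_CANDIDATE.finditer(text) if _is_pan(m.group())]

def mask_pan(pan: str) -> str:
    """Obliterate every digit except the last four, keeping separators: 'XXXX XXXX XXXX 1111'."""
    keep_from = sum(ch.isdigit() for ch in pan) - 4
    out, seen = [], 0
    for ch in pan:
        if ch.isdigit():
            out.append(ch if seen >= keep_from else "X")
            seen += 1
        else:
            out.append(ch)
    return "".join(out)

def redact(text: str) -> str:
    """Mask every Luhn-valid PAN in text so the file no longer holds full card numbers."""
    return PAN_CANDIDATE.sub(
        lambda m: mask_pan(m.group()) if _is_pan(m.group()) else m.group(), text)
```

Only Luhn-valid digit runs are masked, so phone numbers and order ids are left alone; a hit in a stored file is something to report to Financial Accounting and IT Security, not merely redact.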

- Do NOT develop any new systems/software to process card payments.
- Computers or other electronic systems that process payment cards (including entering card details directly into online payment systems, e.g. WPM) must be signed off by Finance as meeting PCI-DSS standards.
- Report all suspected or known security breaches to Financial Accounting and IT Security.

Scope of the policy
All machines used to handle credit card payments (e.g. by connecting to the WPM online store as an administrator) must comply with this policy. Failure to do so will place the University at risk of having its licence to take card payments revoked and will also be regarded as a disciplinary offence.

Device (PCs, Laptops, Mobiles, etc.) Settings
All devices MUST:
- Have automatic updates enabled for operating system updates
- Run a virus checker which is automatically updated
- Be kept fully up to date with all software updates for all software installed on the machine (note that this will be more than just the operating system updates)
- Be University owned and not personally owned by a member of staff
- Log anti-virus messages centrally and keep those logs for at least one year
Chip and PIN devices must ONLY be used on the correct secure FM network.

Devices (PCs, Laptops, Mobiles, etc.):
- Must NOT be used to enter card details into a website
- Must NOT run any peer-to-peer software
- Must NOT be used for browsing websites commonly associated with malware, especially pornographic sites or sites that provide illegal software/movies etc.

Card terminals used for taking manual payments must be connected to the secure FM network on campus. If you are uncertain about this, please seek guidance from IT Services.

Any problems, any questions? Contact:
- Ian Smallwood, Tel:
- Andrew Busby, Tel:
- Richard Fuller, via Tel:
Compliance details are on the Finance website at