UGA Extension Credit Card Processing Training

1 UGA Extension Credit Card Processing Training
Notes: The purpose of this training is to review the current UGA CES Credit Card Machine Policy. This training is required for all personnel who handle credit cards in a County Office. Upon completion of this training, please review the policy and complete the PCI-DSS awareness training. The policy and the PCI-DSS awareness training may be found at the following website:
Presented by the CAES Business Office

2 UGA CES Credit Card Machine Policy
All UGA Extension Offices that process credit card payments must adhere to the UGA CES Credit Card Machine Policy.
- Must be reviewed before processing credit card payments
- Provides minimum required policies and procedures
- Each office must have its own office-specific policies and procedures in addition to these policies.
- The policy and a template for office-specific policies may be found at the following website:
Notes: Upon completion of this training and other required trainings, please review the office-specific policy template on the CAES Fiscal Compliance Reporting webpage. Use the template to create your own office-specific policies.

3 Operating the Credit Card Terminal
Currently the approved credit card devices include the FD410, FD130, FD200, FD35, FD400GT, Clover Mini, Clover Mobile, Clover Go, Clover Flex and Clover Station. The following links include instructional demos of the devices from First Data: FD410 ( FD130 ( FD200 ( FD35 ( FD400GT ( Information on Clover devices may be reviewed on the following website: Review the demos for assistance in operating your specific machine and for printing required reports.
Notes: If you have a credit card terminal other than the currently approved terminals, then contact the CAES Business Office to return your current device and either purchase or rent an approved machine.

4 Credit Card Terminals MUST be connected to analog phone lines!
Notes: Credit card terminals may not be connected to your network. Connecting a terminal to the network changes the compliance requirements for County Offices and greatly increases the risk of identity theft. If your office does not possess analog phone lines, then you will want to purchase the cellular mobile credit card machine. The compliance requirements for the mobile machine are the same as for other terminals connected through an analog phone line.

5 Set up Process and Forms of Payment
- Offices who wish to accept credit card payments must obtain approval from their respective District Office.
- Contact the CAES Business Office to apply for a credit card terminal, return an older model, or to coordinate renting a terminal for specific periods of time.
- Only approved card processing terminals may be used: do not use any device or online payment portal that is not approved by the CAES Business Office.
- Only VISA, Discover, and MasterCard cards may be accepted.

6 Security and Control of Credit Card Terminals
Credit card terminals must be actively tracked and inventoried:
- An inventory log may be found at the following website:
- Must track the department, location, make, model, serial number, and individual responsible for the device
- Provide this information to your District office and the CAES Fiscal Compliance Coordinator. If information changes, then submit the form with the changes to both offices.
- Secure the credit card terminal during and after work hours.
- If possible, assign password or user identification to staff operating the terminals. Passwords and user identification should not be shared.
Notes: You may provide this information to your District office when performing your regularly scheduled equipment inventory reporting. Please scan this information to the CAES Fiscal Compliance Coordinator as soon as you complete the form.

7 Credit Card Information (1)
The credit cardholder information required to process a transaction is:
- Dollar amount
- Photo ID
- Expiration date
- Signature
Offices are encouraged to have the customer swipe the card or, if the card has a chip, insert the card into the chip reader to process transactions. Manual entry processing costs are higher than swipe or chip use costs.

8 Credit Card Information (2)
Notes: This is a reference of the information displayed on credit cards. If you are unsure of what information is required or how to find it, then please refer back to this slide. PAN stands for “primary account number”

9 Security of Cardholder Information and Records Retention
- Credit Card Deposit Logs and other documents substantiating revenue should be stored for 5 years.
- Signed merchant receipts and other documents with cardholder data should be kept for 1 year. They must be cross-shredded a year after the processing date.
- Full credit card numbers and the 3-digit security code on the back of the card should NEVER be retained.
- Note that full credit card numbers may be recorded in order to process a transaction over the phone, but all except for the last 4 digits must be punched out immediately after processing the payment. Whiting or blacking out the numbers is NOT sufficient!
Notes: Please note that the “cross-shred” requirement is a specific PCI-DSS requirement. It is not acceptable to simply tear up, black out, or throw away documentation. If you process a credit card transaction over the phone and record the full credit card number, then be sure to punch out the numbers with a hole puncher after processing the transaction. Again, this is a specific PCI-DSS requirement, so blacking or whiting out the numbers is not sufficient.

10 Credit Card Transactions over the Phone
If credit cards are taken over the phone, the following additional information must be recorded:
- Full address
- Full credit card number (after use, all but the last 4 numbers must be punched out)
- Full name on the card
- Zip code
- Notation that this transaction was taken over the phone
A credit card transactions over the phone record may be found at the following website:
Store this record along with the signed merchant copies of the receipts. They must also be cross-shredded 1 year after the date of processing.
Notes: Note that for manually entered transactions, the customer must also give you the expiration date and the security code information. However, this information may NOT be recorded in any form.

11 Credit Card Refunds/Credits
Refunds must be processed back to the original card only. Since full credit card numbers are not retained, the customer must provide the number to you in order to process the refund. Refunds must be documented with the following information:
- Customer’s name
- Amount listed on the merchant copy of the receipt
- Reason for the refund
- Program or activity associated with the refund
- CEC’s signature of approval
A credit card refunds record may be found at the following website:
Notes: The CEC must approve all credit card refunds before processing. If the CEC is not available at the time the refund is requested, then they must be contacted for approval prior to giving the refund and may sign the form once they return.

12 Processing Credit Card Transactions by Mail, Fax, or Online
Credit card information may not be mailed or faxed to the office, or processed through online payment applications. Only card present transactions or transactions taken over the phone are acceptable methods for processing credit cards.

13 Daily Processes and Reports
At the close of each business day or at the start of the following business day, the following close out steps must be performed:
- Print batch report.
- Record transactions into the daily credit card deposit record.
- All transactions must be entered into QuickBooks Online.
- Secure the terminal in a location with appropriate access restrictions.
- Secure merchant copies of receipts and other documents with cardholder information in a location with appropriate access restrictions.

14 Monthly Processes and Reports
Each month the following steps must be performed:
- The daily credit card deposit record, batch reports, and refunds records are reviewed for the month.
- The bank statement is reconciled to QuickBooks Online and the monthly credit card deposit records.
- The monthly reconciliation of credit card deposit records is reviewed by the CEC.
Notes: The review will occur concurrently with your monthly bank reconciliation.

15 Yearly Processes and Reports
- Complete annual SAQ and maintain PCI compliance at all times
- Notify the CAES Business Office’s Fiscal Compliance Coordinator of any proposed change in approved processing.
- Maintain internal documented policies and procedures and a data flow diagram
- Submit your policies and diagram to the CAES Business Office’s Fiscal Compliance Coordinator.
- Any updates to internal policies should be submitted annually along with the SAQ for that year.
- Maintain and update device list
- Maintain media transfer log for moving cardholder information
- Complete PCI-DSS awareness training
- Annual training is required for all employees who process credit cards
- All new employees who will handle credit cards must complete the training prior to processing credit cards
Notes: The annual SAQ will be discussed more in the PCI-DSS awareness training. Templates for the data flow diagram, office-specific policies, device list, and media transfer log are available at the following website:

16 Incident Response
Should the office become aware that any cardholder data was subject to compromise, the office must inform their DED and the CAES Fiscal Compliance Coordinator. In addition, in the event of a compromise, follow these procedures:
- Do not access or alter compromised systems
- Do not turn the compromised machine off; isolate compromised systems from the network
- Preserve logs and electronic evidence
- Log all actions taken
- Be on high alert and monitor all systems

17 Questions and Further Instructions
Upon completing this training, please attest to your completion by clicking the following link and following the instructions provided:
Contact Information: Timothy Gray, CAES Fiscal Compliance Coordinator

