Presentation is loading. Please wait.

Presentation is loading. Please wait.

C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?

Published byMagdalene Flynn Modified over 9 years ago

Similar presentations

Presentation on theme: "C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?"— Presentation transcript:

1 C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?

2 PCI-DSS anyone handling payment card details at UoY must adhere to: Payment Card Industry Data Security Standards treat payment card details as you would cash keep details secure!

3 Why must we do this? University must comply with the PCI DSS rules in order to be approved and continue to accept online card payments Non compliance with these standards puts the University at risk for: Large monetary fines charged to your department and/or University Loss of merchant status for department Loss of merchant status for the University of York Reputational damage Failure to do so will place the University at risk of having its license to take card payment revoked and will also be regarded as a disciplinary offence Non-compliance is not an option! PCI-DSS

4 Where is the information on PCI - DSS? on the Finance website at https://www.york.ac.uk/staff/finance/payments/ within the Online Store section click the link text PCI DSS Compliance (MS Word.docx) to download (and save a copy) on the YIMS Online Support Centre website at http://www.york.ac.uk/univ/mis/cfm/supportcentre/ support_main.cfm under the heading Online Payments/System Use... PCI-DSS

5 Compliance requirements… It is the University’s Policy not to store credit card numbers on any computer, server, or database. This includes Excel spreadsheets or Word documents etc. Treat payment card receipts like you would cash Keep payment card data secure and confidential Restrict access to card data to “those who need to know" PCI-DSS

6 Documents containing cardholder data should be kept in a secure environment (i.e. safe, locked file cabinet, etc.) Credit card numbers and security numbers must not be requested by email or other messaging technologies e.g. Facebook, chat, sms Fax transmittal of cardholder data is permissible only if the receiving fax is located in a secure environment e.g. the Cash Office PCI-DSS

7 Credit card receipts and supporting documentation containing card numbers should have the first 12 digits obliterated immediately after use to confirm payment, can be kept for up to 2 years, but no longer Paper receipts and documents should be destroyed so that account information and security numbers are unreadable and cannot be reconstructed Technology changes that affect payment card systems are required to be approved by the Finance Department prior to being implemented PCI-DSS

8 Do NOT develop any new systems/software to process card payments Computers or other electronic systems that process payment cards (including entering card details directly on on-line payment systems (e.g. WPM) must be signed off by Finance as meeting PCI-DSS standards. Report all suspected or known security breaches to the Financial Accounting and IT Security. PCI-DSS

9 Scope of the policy All machines used to handle credit card payments (e.g. by connecting to the WPM online store as an administrator) must comply with this policy. Failure to do so will place the University at risk of having its license to take card payment revoked and will also be regarded as a disciplinary offence. PCI-DSS

10 Device (PCs, Laptops, Mobiles, etc.) Settings All devices MUST: Have automatic updates enabled for operating system updates Run a virus checker which is automatically updated Be kept fully up-to-date with all software updates for all software installed on the machine (note that this will be more than just the operating system updates) Be University owned and not personally owned by a member of staff Log anti-virus messages centrally and keep those logs for at least one year Chip and Pin devices must ONLY be used on the correct secure FM network PCI-DSS

11 Devices (PCs, Laptops, Mobiles, etc.): Must NOT enter card details into a website Must NOT run any peer to peer software Must NOT be used for browsing websites commonly associated with malware, especially pornographic sites or sites that provide illegal software/movies etc. PCI-DSS

12 Card terminals, used for taking manual payments, must be connected to the secure FM Network on campus. If you’re uncertain about this, please see guidance from IT Services. PCI-DSS

13 Any problems, any questions? Contact: Ian Smallwood Email: ian.smallwood@york.ac.uk Tel: 322123 Andrew Busby Email: andrew.busby@york.ac.uk Tel: 323976 Richard Fuller Email via itsupport@york.ac.uk Tel: 323838 Compliance details on the Finance website at https://www.york.ac.uk/staff/finance/payments/ PCI-DSS

Download ppt "C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?"

Similar presentations

Lampasas ISD Technology Updates Network Administrator

Lampasas ISD Technology Updates Network Administrator
October 28, 2013. Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.

October 28, Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.
What we all need to know. Approval Date: April 30, 2012 Approved by: President's Council.

What we all need to know. Approval Date: April 30, 2012 Approved by: President's Council.
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
1 Goal is protection of sensitive data New Rice policy calls for protection of sensitive personally identifying information Confidential information includes:

1 Goal is protection of sensitive data New Rice policy calls for protection of sensitive personally identifying information Confidential information includes:
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
Introduction to PCI DSS

Introduction to PCI DSS
Northern KY University Merchant Training

Northern KY University Merchant Training
PCI and how it affects College Stores… ROBIN MAYO | PCIP ECOMMERCE MANAGER EAST CAROLINA UNIVERISTY.

PCI and how it affects College Stores… ROBIN MAYO | PCIP ECOMMERCE MANAGER EAST CAROLINA UNIVERISTY.
Sensitive Data Accessibility Financial Management College of Education Michigan State University.

Sensitive Data Accessibility Financial Management College of Education Michigan State University.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
5 EASY STEPS : Online Card Payments for your INUKA Orders

5 EASY STEPS : Online Card Payments for your INUKA Orders
PCI 3.0 Boot Camp Payment Card Industry Data Security Standards 3.0.

PCI 3.0 Boot Camp Payment Card Industry Data Security Standards 3.0.

Similar presentations

Ads by Google