Welcome to the 2010 Annual Campus Merchant Awareness Training Meeting
Agenda
• Introductions
• Merchant Account Updates
• FAQs
• Reducing Credit Card Fees
• PCI Compliance
• Campus Information Security Office
• Resources
Merchant Accounts Updates
• System down? Voice Authorization: 1.800.936.2632 (need MID)
• Questions on accounts? DST 1.800.228.5882 (24/7 service)
  • Statement issues
  • Authorization problems
  • Supplies
• Bursar Support Services
  • Dial Pay
  • Wireless Terminal
  • POS

Merchant Accounts Updates
• Terminals
• Fraud Control: http://usa.visa.com/merchants/risk_management/index.html
• PCI Compliance: PCI-DSS 2.0 update
• New details required to open new accounts: Consumer Data Privacy Policy
Frequently Asked Questions
• Service charges?
  • No. Rules vary between Visa and the other card brands (flat fee versus percentage).
  • There may be some legislation changes.
  • No service charge encourages prompt customer payment.
• Establishing a minimum charge amount?
  • Card organizations forbid you from establishing any transaction dollar limits.

More FAQs
• Requiring picture identification
  • Card organizations state that a credit card sale cannot be turned down due to lack of picture ID.
• Phone authorization
• Card not signed
• Suspected counterfeit card
• Fax machines & laptops
• MOTOs: virtual terminals & Dial Pay
Reducing Credit Card Fees
• Enter the correct zip code when a card number must be hand-keyed.
• Card-not-present transactions: use the AVS (address verification service).
• Answer all terminal-prompted questions.
• Use an invoice number; enter the last four digits of the card number for reference.
• Clean card readers regularly so they capture all magnetic stripe information. One way to do this is to wrap a dollar bill around a card and swipe it through the terminal a few times.
PCI-DSS Compliance
• Payment Card Industry Data Security Standard: 225 specifics governing technical & operational processes
• Consequences:
  • Large monetary fines
  • Restrictions on merchant processing
  • Loss of privilege
• Merchant Responsible Persons are responsible for ALL of them

SAQ Validation
What have we learned? That in this case, left is always better!
• Upcoming third-party SAQ validation audit:
  • All SAQ C's will be reviewed thoroughly!
  • SAQ A's & B's will be sampled.
• PCI File
  • Review written department policies
  • Copy of completed SAQ in file
  • Process map
  • Successful vulnerability scans (if applicable)
  • Merchant agreement
Campus PCI
• Self Assessment Questionnaire
  • Annual
  • A great % of merchants have completed
• Security Policies/Procedures
  • Departmental
  • Campus

Compliance Failures
• Shopping cart, operating system and other patches
• Firewall rule review
• Segmentation / flat networks
  • Look for an alternative ("Move to the left")
  • Keep MOTO to Dial Pay or point-of-sale terminal
• Paper processes
• Lack of written department policies
• Discovering sensitive information in storage/old files etc.
University Information Security Office
• Privacy Policy
• Incident Reporting
• Awareness
• Questions

Electronic Policy Statement
An Internet web site provided by the state shall contain a privacy statement to disclose the information gathering and dissemination practices related to the Internet. The privacy statement shall describe at a minimum the following:
• Notice regarding what services the web site provides
• A person's ability to choose to proceed with the transaction and the alternatives available
• Who has access to the information the person provides
• What security measures are in place to protect the person's private information and what information will be protected
http://security.arizona.edu/privacy_statement
UA Department Privacy Statements
Departments that have written their own:
• Eller: http://www.eller.arizona.edu/privacy.asp
• Bookstore (link at bottom left of page): http://www.uofabookstores.com/uaz/
• College of Agriculture and Life Sciences: http://ag.arizona.edu/general/privacy.html
• Human Resources: http://www.hr.arizona.edu/09_rel/privacy.php

UA Department Privacy Statements
Department-specific intro paragraph linked to UA's Electronic Privacy Statement:
• UA Facilitators: http://askus.arizona.edu/privacy.shtml
• Library: http://www.library.arizona.edu/about/access/privacy.html
• Southwest Asthma & Allergy (AHSC): http://allergy.peds.arizona.edu/southwest/
Other:
• Office of Enrollment Management: https://admissions.arizona.edu/policy/privacy.aspx
• Student Unions: http://www.union.arizona.edu/privacy.php

UA Department Privacy Policy
• Know what the UA's Electronic Privacy Statement says
• A department-specific privacy policy needs to include the specific information that differs from the UA's Privacy Statement
• Department-specific privacy policies that include more than an introductory paragraph linking to UA's Electronic Privacy Statement should be reviewed by legal
• Easy-to-find department contact information
Incident Reporting
• Immediately contact:
  • Department IT support person
  • Information Security Office: 621-UISO (8476), iso@u.arizona.edu
  • Or FSO Bursar's Merchant Liaison: Robbyn Lennon, 621-5781
• If the compromise is computer based:
  • Disconnect the computer from the internet
  • Do not turn the computer off or reboot
  • Do not run antivirus

Security Awareness
• Awareness presentations
  • Mandatory all-employee awareness
  • Visa's Business Guide to Data Security: link available on security.arizona.edu/pci under section 4, "Implementation"
  • Department-specific awareness session
• Other awareness
  • UA.infosec monthly newsletter
  • Email communications sent via merchant listserv

Resources
• Kelley Bogart, ISO: 626.8232
• Robbyn Lennon, FSO-Bursar's: 621.5781
• Security Metrics: Securitymetrics.com
• BankofAmerica.com/merchantsupport
• https://www.pcisecuritystandards.org/
• Prioritized Approach for DSS 1.2: https://www.pcisecuritystandards.org/education/prioritized.shtml
• PCI Quick Reference Guide: https://www.pcisecuritystandards.org/pdfs/pci_ssc_quic
Certificate of Attendance
Annual Campus Merchant Awareness Training, October 19, 2010
__________________ ______________________
Robbyn Lennon, FSO-Bursar's    Kelley Bogart, UA Info Sec