
Credit and Debit Card Acceptance Policy and e Transact Informational Session December 3, 2009


Presentation Transcript


  1. Credit and Debit Card Acceptance Policy and eTransact Informational Session, December 3, 2009. Presented by: Vivian Eberhardt, Supervisor, Cash and Credit Operations

  2. Agenda • Credit and Debit Card Acceptance and Electronic Commerce Policy • Why do we need a policy? • What is PCI DSS? • Highlights of the policy • Plan for validating PCI DSS compliance • Questions • eTransact • Overview of eTransact application • Benefits of using eTransact • How to get started • Questions

  3. Why do we need a policy? • The use of credit and debit cards as the preferred method of payment continues to grow • Schools and departments increasingly want the ability to accept credit and debit cards, particularly through e-commerce (internet-based transactions) • The policy sets out the guidelines and expectations for schools and departments that accept credit and debit cards as a method of payment, including the requirement for PCI DSS compliance

  4. What is PCI DSS? • Payment Card Industry Data Security Standard • It is a “set of comprehensive requirements developed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to facilitate the adoption of consistent data security measures on a global basis.” www.pcisecuritystandards.org • The PCI DSS is intended to help organizations proactively protect customer account data. • The PCI DSS is managed by the PCI Security Standards Council. The Council modifies the PCI DSS as needed to keep pace with emerging payment security risks.

  5. High Level Look at the PCI DSS Requirements • At its core, the PCI DSS is based on the network security and information security best practices that departments and schools should already follow

  6. High Level Look at the SAQs • Self-assessment questionnaire (SAQ), required annually • Four different SAQs exist (A, B, C and D in the version current at the time); how your business process handles card data determines which SAQ you complete

  7. Policy Highlights • Each school or department is responsible for policy compliance. A main contact responsible for compliance must sign the policy acknowledgement form and return it to Cash and Credit Operations • Merchant ID numbers and/or electronic commerce capabilities must be obtained from Cash and Credit Operations. eTransact is the preferred method of processing electronic commerce transactions • Only the Controller’s Office can authorize the use of a convenience fee. The University does not accept credit or debit cards for tuition payments

  8. Policy Highlights (cont.) • Complete the annual PCI DSS self-assessment questionnaire (SAQ) • Develop remediation plans for any compliance issues • Background checks for employees functioning as cashiers, who see one card number at a time while facilitating a transaction, are a recommendation only • Background checks are required for employees with access to multiple card account numbers at one time • Review third-party contracts for PCI DSS compliance • Report potential security breaches according to the Security Breach Response procedure referenced in the policy • Read and enforce the twelve requirements of the PCI DSS

  9. Plan for PCI DSS compliance • Finalized the credit and debit card acceptance and e-commerce policy • Selected an Approved Scanning Vendor (ASV), Coalfire, to perform the required quarterly external network scans • Selected the vendor for eTransact (CASHNet) • In 2010, we will require campus merchants to provide us with completed SAQs • Once we have the completed SAQs and quarterly scan results, we will submit them to our merchant bank to validate compliance • Questions?

  10. eTransact www.wustl.edu/etransact

  11. eTransact • eTransact is the preferred method of electronic commerce at the University. We have partnered with a PCI DSS compliant third-party vendor to process credit and debit card transactions for the University. • Public Affairs has created a website for eTransact that provides information to schools and departments as well as to customers. www.wustl.edu/etransact

  12. Benefits of eTransact • Transactions processed through eTransact do not require receipt vouchers to be completed. A direct feed to AIS runs overnight to post the income to your general ledger account • Storefronts can be set up quickly with little use of your technology resources • Reporting tools, report groups, customizable pages • Unlimited license for storefronts and checkouts www.wustl.edu/etransact

  13. Benefits of eTransact (cont.) • No monthly fee or cost to activate; normal credit card processing fees still apply • Two different types of application are possible • Storefront: website/application/form hosted on the third party’s site • Checkout: website/application/form hosted on Washington University servers, but the customer is passed to the third party to enter credit card data • Either model helps achieve PCI DSS compliance by limiting PCI DSS scope: the card number is entered on the vendor’s site, so cardholder data never crosses WU networks and is never stored by the University. Note that in the checkout model the WU-hosted page that hands the customer to the vendor still matters for security, because an altered hand-off can send customers (and their card data) elsewhere; keep that page patched and under change control www.wustl.edu/etransact
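The checkout model on slide 13 can be made concrete with a small example. This is an added illustration, not code from the slides and not CASHNet’s actual API: the gateway URL, field names, the HMAC-SHA256 signing of the hand-off and postback, and the shared secret are all assumptions. What it shows is the property the slide relies on: the university-hosted form carries only an order id and amount, the vendor posts back a signed result that is verified before income is posted, and any submission to the WU-hosted form that contains something that looks like a card number is refused so that no PAN ever lands on WU systems.

```python
# Added example (not part of the original slides, not CASHNet's API): the
# "checkout" shape from slide 13, where the order form lives on the
# university server but the customer is handed to the gateway to enter
# card data. Gateway URL, field names, HMAC-SHA256 signing and the shared
# secret are assumptions for illustration.
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, urlencode

GATEWAY_URL = "https://gateway.example/checkout"      # assumed hosted payment page
SHARED_SECRET = b"replace-with-provisioned-secret"    # assumed; provisioned out of band


def sign(fields: dict) -> str:
    """HMAC over sorted key=value pairs so both sides canonicalise identically."""
    canonical = "&".join(f"{k}={fields[k]}" for k in sorted(fields))
    return hmac.new(SHARED_SECRET, canonical.encode(), hashlib.sha256).hexdigest()


def handoff_url(order_id: str, amount_cents: int) -> str:
    """Step 1: the WU server redirects with only order id and amount; no card fields exist here."""
    fields = {"order_id": order_id, "amount": str(amount_cents)}
    fields["sig"] = sign(fields)
    return GATEWAY_URL + "?" + urlencode(fields)


def verify_postback(body: str, order_id: str, amount_cents: int) -> tuple:
    """Step 2: the gateway posts the result back; check the signature first,
    then that order, amount and status match what we expect before posting income."""
    fields = dict(parse_qsl(body))
    sig = fields.pop("sig", "")
    if not hmac.compare_digest(sig, sign(fields)):
        return False, "bad signature"
    if fields.get("order_id") != order_id or fields.get("amount") != str(amount_cents):
        return False, "order/amount mismatch"
    if fields.get("status") != "approved":
        return False, "declined"
    return True, "approved"


# Scope guard: a PAN must never arrive at the WU-hosted form (for example a
# customer typing a card number into a comments box). Detect a 13-19 digit
# run (spaces/dashes allowed) that passes Luhn and refuse the submission
# without logging the value.
_DIGIT_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit validation, as used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def contains_pan(text: str) -> bool:
    for m in _DIGIT_RUN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False


def accept_form(fields: dict) -> tuple:
    """Reject a WU-hosted form submission carrying anything that resembles a PAN."""
    for name, value in fields.items():
        if contains_pan(str(value)):
            return False, f"field {name!r} rejected: looks like a card number"
    return True, "ok"


def gateway_postback(order_id: str, amount_cents: int, status: str) -> str:
    """Constructed stand-in for what the gateway would POST back (test data, not a real gateway)."""
    fields = {"order_id": order_id, "amount": str(amount_cents), "status": status}
    fields["sig"] = sign(fields)
    return urlencode(fields)


if __name__ == "__main__":
    print(handoff_url("WU-1001", 2500))
    print(verify_postback(gateway_postback("WU-1001", 2500, "approved"), "WU-1001", 2500))
    # 4111 1111 1111 1111 is a well-known constructed test number, not a real account
    print(accept_form({"name": "A. Student", "notes": "card 4111 1111 1111 1111"}))
```

The two checks in `verify_postback` are deliberately ordered: the signature is verified before any field is trusted, and the amount is compared against the order the university recorded, not against whatever the browser sent, so a customer cannot complete a cheaper checkout and replay it against a larger order. The PAN guard is what keeps the WU-hosted half of the checkout model out of cardholder-data scope in practice; the vendor collects the card, and the university's form refuses to.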

  14. How to get started • Read the Credit and Debit Card Acceptance & Electronic Commerce Policy • Your department’s business manager (or equivalent) is responsible for ensuring compliance with the policy and with the PCI DSS requirements • The business manager (or equivalent) must sign the acknowledgement at the end of the Credit Card Acceptance and Electronic Commerce Policy, indicating their understanding of the requirements • Complete the application for a merchant ID (PDF) found at http://www.cashandcredit.wustl.edu/campuscommerce.html and return it to Cash and Credit Operations, Campus Box 1147

  15. Examples and Current Status • Ten departments are live with eTransact: five storefront and five checkout • Five departments are under construction • The cashiering module is the next phase we will consider. It will allow similar processing for point-of-sale terminals rather than electronic commerce • www.wustl.edu/etransact • Questions?