110 likes | 219 Vues
Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council. Accounting and Financial Services. What is PCI-DSS?. PCI-DSS is an acronym for the Payment Card Industry-Data Security Standard
E N D
Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services
What is PCI-DSS? • PCI-DSS is an acronym for the Payment Card Industry-Data Security Standard • PCI DSS is the global data security standard that any business of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data.
About the Council • The Payment Card Industry Security Standards Council, or PCI SSC – often termed simply “the Council” – is an open global forum, launched in 2006, that develops, maintains and manages the PCI Security Standards, which include the Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) Requirements. • The Council’s five founding global payment brands -- American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. • The Council does NOT validate or enforce any organization’s compliance with its PCI Security Standards, nor does it impose penalties for non-compliance. These areas are governed by the payment brands and their partners.
Report on Compliance • The Report on Compliance (ROC) is produced during onsite PCI DSS assessments as part of an entity’s validation process. • The ROC provides details about the entity’s environment and the assessment methodology, and documents the entity’s compliance status for each PCI DSS Requirement.
UCD/UCDHS Level 2 Merchant • 2,508,716 combined transactions processed 2013 • $129,479,579.00 in sales processed in 2013 • UCD is the 2ndLargest in UC System • UCLA and UCSD are also Level 2 Merchants • 203 Merchants must comply collectively with the PCI-DSS
PCI Merchant Types and SAQ (Self Assessment Questionnaire) 5 Different SAQ Forms; each drives to higher levels of validation complexity UCD/UCDHS have a combined 203 merchants • SAQ “A” Fully Outsourced Merchant (47) • SAQ “B” Dial-Out Terminal, Card Imprint Merchant (146) • SAQ “C” Internet Connected Payment Application Merchant (3) • SAQ “C-VT” Internet Connected Virtual Terminal Merchant (4) • SAQ “D” All Others (POS Point of Sale System) (3)
PCI NON-Compliance • The fines can vary based on level of non-compliance • Visa/MC have the discretion to determine those fines • Visa/MC have indicated that UCD could be required to pay $5000.00 per month in fines for every month of non-compliance
UCD Credit Card Breach Impact • Average cost per credit card compromised is $188.00 • Significant fees, fines, and penalties • Cost of Forensic Audit • Litigation • Regulatory notification requirements • Negative image for UC Davis brand
Campus Compliance Efforts • Sylvia Montgomery (University Cashier & Credit Card Coordinator) is leading our compliance efforts. • Coalfire, our QSA, is working with our largest merchants on gap analysis reports. • Merchants are addressing risks and preparing for the ROC. • The ROC is scheduled for early October.