PCI Device Inspections

Slides:



Advertisements
Similar presentations
JPMorgan Chase Purchasing Card Training
Advertisements

Procurement Card Presented By: Denise Matias, CAH March 20, 2013.
October 28, Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.
What we all need to know. Approval Date: April 30, 2012 Approved by: President's Council.
UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.
Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
The University of Texas Health Science Center at San Antonio Cash Handling Training Presented by Yvette Hernandez Office of Bursar.
C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?
PCI DSS Version 3.0 For Controllers and Business Users Luke Harris, Office of State the Controller David Reavis, UNC General Administration November 10,
1 Cash Handling – It’s my job Whether you take in lots of money or … you collect “pennies”
Kevin R Perry August 12, Part 1: High Level Changes & Clarifications.
Checking Account Debit Card Safety Tips card-safety-10-tips.htm October.
Why Comply with PCI Security Standards?
PCI and how it affects College Stores… ROBIN MAYO | PCIP ECOMMERCE MANAGER EAST CAROLINA UNIVERISTY.
SMARTER. TOGETHER. Skimming Prevention: Overview of Best Practices August 5, 2014.
PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP
Youngstown State University PCI Training enter or left click on mouse to advance slides.
Electronic Transactions for your PTA organization June 26, 2013 North Fulton Council PTA ® everychild. onevoice. ®
Workshop Summary ISPS Drills & Exercises Workshop Port Moresby 2006.
PCI 3.0 Boot Camp Payment Card Industry Data Security Standards 3.0.
NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
General Awareness Training
Chapter 13 Security Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives State the major responsibility.
Sensitive Data Accessibility Financial Management College of Education Michigan State University.
Procurement Card Presented By: Denise Matias, CAH February 1, 2012.
Credit Card Merchant Training PCI Why Now? In October 2015, there will be a fraud liability shift that will affect merchants not able to accept.
Payment Card Acceptance Security Awareness Interactive Quiz.
Chapter 2 Securing Network Server and User Workstations.
e-Learning Module Credit/Debit Payment Card Acceptance and Security
1 Banking and Reconciliation. 2 To Certify As A Cash Handler  Visit the training website  Review the Payment Card Industry (PCI)
Langara College PCI Awareness Training
INTRODUCTION TO SIM.DLL AGENDA SIM.DLL Overview and Features SIM.DLL Requirements Supported Terminals Transaction Flow Benefits.
EMV: What is it and how will it impact your business.
Fall  Comply with PCI compliance policies set forth by industry  Create internal policies and procedures to protect cardholder data  Inform and.
Step 2 – Register a Card To register a UR Card, you can send an to or fill out the registration form at one of our awesome
Avoiding Unauthorized Purchases An unauthorized purchase is a purchase committing agency funds without prior approval. Training provided by Texas Juvenile.
Confidential and Proprietary - NOT TO BE DISTRIBUTED WITHOUT THE EXPRESS WRITTEN PERMISSION OF BANK OF AMERICA MERCHANT SERVICES. ASTRA EMV Review/Best.
Fraud Procedures Tips for Mitigation Fraud Case Process.
Presented by UT System Administration Information Security Office
Payment Card Industry (PCI) Rules and Standards
Cash Handling – It’s my job
Payment Card Industry (PCI) Rules and Standards
East Georgia State College Annual Purchasing Card Review
PCI-DSS Security Awareness
What Do I Need To Comply? A written policy for your unit detailing how you process payments; Cash Handling Training, renewed every two years; A safe,
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance
Leon County Schools Purchasing Card Program
Multnomah Education Service District
PCI Rapid Comply Questionnaire
UML Use Case Diagrams.
Cash Handling – It’s my job
UGA Extension PCI DSS Awareness Training
UGA Extension Credit Card Processing Training
Using the Card Swipe Readers
Presented By: Denise Matias, CAH February 1, 2012
Internal Controls.
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance
ISO 9001 Awareness Training.
Red Flags Rule An Introduction County College of Morris
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance
The new data protection rules
Leon County Schools Purchasing Card Program
AS 9100 Awareness Training.
Internal Controls.
UD PCI GUIDELINES A guide for compliance with PCI DSS and the University of Delaware Payment Card Program ALWAYS Process payments immediately using a solution.
Cash Handling Policies and Procedures
Payment Card Industry Data Security Standards (PCI-DSS) Training
Internal Controls.
Presentation transcript:

PCI Device Inspections Student Business Services

PCI Requirement – effective April 2016 New to Version 3 of the Payment Card Industry Data Security Standard – Requirement 9.9: Restrict Physical Access to Cardholder Data “Are the devices that capture payment card data via direct physical interaction with the card protected against tampering and substitution…?” Note: This requirement applies to card-reading devices used in card present transactions (that is, card swipe or dip) at the point of sale. This requirement is not intended to apply to manual key entry components such as computer keyboards and POS keypads.

Requirement Details Maintain policies and procedures regarding requirements for device inspections and inventory. Maintain a device inventory. Document changes to device inventory. Periodically inspect devices for physical tampering or substitution. Train personnel to be aware of attempted tampering or replacement of devices.

Maintain Policies and Procedures… UPPS 3.01.05.07 states that Texas State University will comply with the Payment Card Industry Data Security Standard (PCI DSS) including its evolving standards and practices. http://www.txstate.edu/effective/UPPS/upps-03-01-05.html We will be implementing the device inspection requirement as a monthly task.

Maintain a Device Inventory SBS will provide you with a form that will serve as an inspection log and a device inventory. You may add lines to the Word document as needed. The inventory must include: Make & Model (terminals & pin pads) The serial # (S/N) – usually located on a sticker on the bottom of the device Location (example: admin desk, or cashier’s office)

Document Changes to Device Inventory Document on the inspection log when a terminal is replaced. Include date of replacement. Include make/model, serial number, and location of the terminal that is returned or broken. Include make/model and serial number of the new terminal for that location. Note if a device is simply relocated.

Periodically Inspect the Devices Inspect the following on each device, once a month: The serial # should be the same each time you inspect the device, unless otherwise noted. The card readers (the swipe area or dip area for EMV cards) do not have anything inserted or blocking the area, and do not show signs of damage. The cords are the same, and do not have additional adaptors added to the connectors. Cords should be the same, unless otherwise noted. The tamper stickers should be in place and undamaged. Note if the sticker is peeling due to handling by staff.

Inspection Results Mark each item as “OK” on the log, if everything looks fine. If you see damage or other issues, note on the log and contact SBS for further instructions. If a terminal’s serial number is different and is not otherwise noted on the log, discontinue use and contact SBS immediately! Call 512-245-8326

Additional Tamper Detection Tactics: Be aware of suspicious behavior around devices (for example, attempts by unknown persons to unplug or open devices). Never leave your devices un-attended. Do not allow third-party persons, claiming to be repair or maintenance personnel, access to the devices, unless you have received notification from SBS. Do not give third party callers information regarding your device. No one should call you about your devices, we will call them!

Know Your Stuff: Educate ALL staff on the appropriate handling of your credit card devices. Educate ALL staff to be aware of unauthorized access attempts from people outside the department or outside of SBS. Know your terminal – be familiar with its physical appearance and functionality. Know your staff – educate them and make sure they are FOLLOWING the outlined procedures.

Thank You! Please take a few moments to review the PCI DSS skimming prevention guidance. https://www.pcisecuritystandards.org/documents/Skimming_Prevention_At-a-Glance_Sept2014.pdf …for being diligent in keeping Texas State University a safe place to use credit cards!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.