
Web Advisory Committee, June 17, 2009 (presentation transcript)


1 Web Advisory Committee, June 17, 2009

2
 Implementing E-commerce at UW
 Current Status and Future Plans
 PCI Data Security Standard
 Questions

3
 Prepare an e-commerce business plan.
 Obtain approval from the Financial Systems Management Committee.
 Organize the project.
 Obtain a bank merchant account and a Beanstream account.
 Design/build the application, install a packaged application, or configure a hosted application according to the applicable standards (PCI, bank, UW).
 Integrate with Beanstream if the application is not hosted.
 Test.
 Review and sign-off by Finance and Security.
 Go live.

4
 Describe the products or services to be offered and the rationale for offering them via e-commerce.
 Provide estimated annual transaction and dollar volume.
 Describe the business process to handle the additional workload from the e-commerce function, including the accounting, maintenance, and reconciliation of general ledger accounts and the credit card operation.
 Indicate whether the operation currently accepts credit cards.
 Identify the hardware requirements and hardware location.
 Identify the source of technical support.
 Identify areas or departments that need to be involved in the development and implementation of your e-commerce initiative; examples may include Finance, Information Systems and Technology, or Procurement and Contract Services.
 Identify the working group to develop the initiative.

5
 Must use Beanstream for credit card processing.
 Beanstream provides multiple integration methods.
 UW uses Beanstream’s hosted payment page to ensure security and privacy and to ease PCI compliance. No credit card information is stored on a UW server.
 IST provides an e-commerce server to host Linux applications.
 Use of other, secure servers is acceptable.

6
 May use a hosted shopping cart / event management site. Little experience with this at UW.
 Must use Beanstream for credit card payment processing in all cases.

7
 Retail Services
 Housing
   ◦ Residence deposits
   ◦ Off-campus housing landlord fees
 Watcard
 Parking
 CEMC
 Events and conferences come and go

8
 Continuing Education
 Conference Centre
 Food Services

9
 UW-approved, hosted shopping cart system.
 UW-approved, hosted event/conference system.
 Hosting will significantly reduce implementation effort for all UW participants.
 Will make small-volume e-commerce sites more feasible.

10
 PCI = Payment Card Industry (Amex, Discover, JCB, MC, Visa)
 PCI Data Security Standard (DSS)
 PCI DSS v1.2 released October 2008
 72-page document
 Consistent security measures around the processing, storage, and transmission of credit card data
 A nice baseline of security measures for any application

11

12
 Depends on how credit card data is handled
 SAQ = Self-Assessment Questionnaire
 Assessment from an external QSA
 Regular network scans of e-commerce sites

 Validation Type | Description | SAQ (v1.2)
 1 | Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. | A
 2 | Imprint-only merchants with no electronic cardholder data storage | B
 3 | Stand-alone terminal merchants, no electronic cardholder data storage | B
 4 | Merchants with POS systems connected to the Internet, no electronic cardholder data storage | C
 5 | All other merchants (not included in Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ. | D

13
 Our acquirer requires us to be compliant with PCI DSS
 All validation types apply to UW
 Security measures for validation type 5 are expensive
 Strategy: eliminate the cases where validation type 5 applies

14
 E-commerce websites must not collect, transmit or store credit card information
 Reduce scope: isolate IP-based PoS terminals from the rest of the campus network
 Include in more general security policies and procedures
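Slide 14 states the scoping rule that keeps a UW site at validation type 1 (SAQ A): the site itself must never collect, transmit or store card numbers, because the Beanstream hosted payment page handles them. Before the Finance and Security review on slide 3, a site owner can test that claim against the evidence the site actually produces, such as web server logs, application logs and database exports. The script below is an added example written for this page; it is not part of the presentation or any UW or Beanstream tool. It sweeps text for 13 to 19 digit runs, keeps only those that pass the Luhn check, and reports them masked so the report itself does not become cardholder data. The log lines are constructed for the example, and the card numbers in them are the published Visa and Amex test numbers, not real cards.

```python
import re

# Runs of 13-19 digits, optionally separated by single spaces or dashes,
# not preceded or followed by another digit (so a 20-digit run is not a hit).
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used for PANs."""
    total = 0
    parity = len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        # Double every second digit counting from the rightmost (check) digit.
        if i % 2 == parity:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits; a finding must not itself store a PAN."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_log(text: str) -> list[tuple[int, str]]:
    """Return (line_number, masked_pan) for every Luhn-valid candidate in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if luhn_valid(digits):
                hits.append((lineno, mask(digits)))
    return hits


# Constructed sample: an application log from a hypothetical site that has
# started posting card fields to itself instead of to the hosted payment page.
# 4111111111111111 and 378282246310005 are published test numbers.
SAMPLE_LOG = """\
2009-06-17 10:02:11 GET /register?event=42 200
2009-06-17 10:02:19 POST /checkout card=4111111111111111 exp=1211 200
2009-06-17 10:03:05 POST /contact phone=519-555-1234 status=200
2009-06-17 10:04:40 POST /checkout card=4111-1111-1111-1112 exp=0110 200
2009-06-17 10:05:02 POST /donate card=3782 822463 10005 exp=0512 200
"""

if __name__ == "__main__":
    for lineno, masked in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: possible PAN {masked}")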

15
 Heavy fines from the acquiring bank
 Bank could suspend the University’s ability to process any credit card


16
 http://finance.uwaterloo.ca/ecommerce/ecommain.html
 https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
 https://strobe.uwaterloo.ca/~twiki/bin/view/ISTITSec/EcommerceSystemSecurityStandards

17

