Credit Card Merchant Training PCI 2015. Why Now? In October 2015, there will be a fraud liability shift that will affect merchants not able to accept.


1 Credit Card Merchant Training PCI 2015

2 Why Now? In October 2015, there will be a fraud liability shift that will affect merchants not able to accept EMV chip cards. Under this shift, whichever party lacks the superior EMV technology, the merchant (i.e. WKU) or the card issuer, will absorb any financial loss due to fraud. New PCI DSS 3.1 security requirements are effective October 1, 2015.

3

4 Challenges for Universities: Decentralized environment; Variety of credit card data locations; Variance in procedures; Network connections

5 Goals for WKU: Secure, concise practices to benefit and protect departments, employees and WKU; Proactive focus on security; Compliance with data security standards to be viewed as an “everyday, business-as-usual practice” (Mills-Sen, 2015, p. 5)

6 What’s New? Acceptance of American Express; Ingenico ICT 220 – mag-stripe reader, EMV card-entry slot, integrated contactless reader; Privileged User Access form and Terminal log; Ethernet port connection – dedicated port(s); SAQ requirement will change to B-IP due to change from phone lines to Ethernet

7 What is the Same? Security processes as outlined in the Policy & Procedures for Credit Card Merchants, http://www.wku.edu/policies/docs/146.pdf; Annual SAQ questionnaire: a prompt response is strongly encouraged so that the completed SAQ is submitted in a timely manner; Transmittal process

8 Departmental Practices: Departments may accept credit cards in person (preferred), by mail, phone, and fax. Always obscure all but the last four digits of the card numbers immediately after the transaction is approved. Never email credit card information or store credit card numbers in any database or spreadsheet. Never send credit card information via text messages or any end-user messaging technology.

9 Departmental Practices: If you receive compromised information via email or text: Open a NEW email or text, reply to the sender, and alert them that credit card information should never be sent via email or text and that, as a result, their information could have been compromised. Inform them we will delete all records of the email or text(s) for security reasons. Ask them to submit the card information using a secure method: in person, by mail, over the phone, or by fax. Delete ALL records of the email or text (including the trash folder) immediately.

10 Departmental Practices: Keep all documentation in a secure, locked location. Store receipts according to WKU’s record retention schedule. All receipts must be shredded after that time. Watch for tampering, add-ons or anything unusual around the device. Be cautious of anyone claiming to be from BB&T stating they are supposed to work on the terminal. If you have concerns, call the Office of the Bursar for verification.

11 Transmittals: After credit cards are processed for the day, batch the credit card machine (this may also happen overnight). Submit batch settlements to the Office of the Bursar. Please do not include individual sales receipts for each transaction; submit only the batch total. The transaction details are to be maintained by the department. Please submit transmittals daily per University policy.

12 What’s Next? Pick up new machines; WKU IT will schedule a time to check terminal, record MAC address, turn on the dedicated port(s) and test operation; Return ALL old credit card terminals to Office of the Bursar by September 30; Future training (required by PCI DSS 3.1) to provide ongoing education and campus security

13 Questions? Training for new terminal: BB&T, 1-800-847-2876, M-F 6:00 am – 5:00 pm AZT. Questions or changes to merchant account? Contact Rachel Norton, Bursar Specialist, 270-745-5375, rachel.norton@wku.edu

14 References: Branch Banking and Trust. EMV (Europay-MasterCard/Visa). 2015.; Mead, Ann K. (authorized). WKU Policy & Procedures for Credit Card Merchants, 3.3101. 2011.; Mills-Sen, Pamela. PCI Compliance Crackdown. University Business Magazine, Web, Feb 2015.; PCI Security Standards Council, LLC. PCI DSS SAQ B, v3.0 – Section 2: Self-Assessment Questionnaire. © 2006-2014.

