Youngstown State University

PCI Training
Youngstown State University
Overview
In response to consumer concerns with the security of credit card usage, the
Payment Card Industry (PCI) council – which includes American Express,
Discover, MasterCard, and Visa – has issued Payment Card Industry Data
Security Standards (PCI DSS) which must be complied with by any business or
organization accepting those card brands. If compliance is not maintained,
Youngstown State University could lose its right to accept those cards, incur
fees and fines, allow financial harm to befall our stakeholders, and suffer
irreparable damage to its reputation.
Part of the University’s PCI Compliance Plan is an annual PCI training
conducted by the Bursar.
PCI Council Training Video
(Video not available in this PowerPoint.)
https://www.pcisecuritystandards.org/smb/
Which statement below is true?
o The only person who should be presenting a credit card to you for payment
is the person whose name is on the front of the card and who has signed it.
(Correct Answer)
o It is okay to accept a parent's credit card from a student as long as their last
name matches and they can show proof of relationship.
o It is okay to accept a spouse's credit card if the last names match.
o It is okay to accept someone else's credit card if the person in possession of
the card has a signed letter from the owner of the card and their signature.
Departments/cashiers/student employees who work with credit cards,
and/or credit card machines.
• The machines should be settled every night after closing
• Do not allow anyone to inspect or remove the machine unless you know who they are
• If your machine appears to have been tampered with, please contact Gloria Kobus,
Bursar.
• You are required to keep the signed copy of the credit card receipt for 18
months.
• If you are hand entering credit card numbers, do not accept credit card numbers taken
through e-mail (phone, fax, and US mail are okay as long as the credit card number is
kept secure until entered and destroyed afterwards).
• If a credit card is denied, do NOT override under any circumstances (phone call from a
“bank” for example).
• You should not accept an unsigned card.
• Do not accept a credit card if the signatures do not match, the card appears to have
been altered or tampered with, or you are told when the card is swiped to “pick up” the
card.
Which of the following are red flags for potential credit card
fraud and may indicate that a closer inspection of the card or
extra identification may be required?
o The person using the credit card tries to distract or rush you
during the sale.
o The person makes a large purchase right after opening or right
before closing.
o A purchase is made, and the person leaves and then returns to
make more purchases.
o The card appears to have been altered or damaged.
✓ All of the above.
PCI Training Video
(Video not available in this PowerPoint.)
https://www.pcisecuritystandards.org/smb/
General Reminders:
Make sure you are not storing full credit card numbers anywhere.
Please double check old forms on file, old receipts, etc. Black out or
destroy the credit card number. It is NOT okay to throw away old
credit card receipts with full credit card numbers – PCI requirements
override record retention requirements.
Additional Reminders!!!!
• Please double check to make sure there are no Social Security numbers on old forms or
stored in your computer. Do not post or display SSNs or transmit over the internet.
• Limit access to personal information as much as possible.
• Be sure to change passwords on a regular basis and never use default passwords.
• Secure customer records and information by locking rooms and file cabinets.
• If you think that you’ve had a compromise/breach (for example, a locked cabinet with
credit card numbers waiting to be entered was broken into), please contact the Bursar.
The Bursar will work with the department to determine the extent of the breach and
may need to contact Visa etc., the local FBI, and/or U.S. Secret Service.
• Please make sure anyone in your department who will be working with credit cards
completes this training.
Just a reminder for departmental credit card users: please do not write down the credit card
number for someone else to use, and make sure that when entering the credit card number online it is only through a secure site (https).
Which of the following could indicate a counterfeit credit
card?
o The embossing on the card is illegible or the card doesn't have an
expiration date.
o The name on the card does not match the signature or there is a
misspelling.
o The hologram is not clear or the picture in the hologram does not move.
o The card does not start with the correct numeric digit:
  • All American Express cards start with a 3
  • All Visa cards start with a 4
  • All MasterCards start with a 5
  • All Discover cards start with a 6
o All of the Above
Don’t Get Targeted
Breaking down the average cost
• Average cost per breach: $5.4 million
• $400k on detection and escalation cost
• $565k on notifications
• $1.4 million on post-breach cost
• $3 million on lost customer base
Thank you
Don’t forget !!!!!
Directors/Responsible Party: complete the requirement form and return to Gloria Kobus
Office of University Bursar, Meshel Hall, Room 227.
Staff: complete the requirement form and give to your Director or Responsible Party.
Both forms can be found at:
http://web.ysu.edu/contentm/easy_pages/easy_page_view.php?sid=25&page_id=1301