
Accepting Credit Cards and PCI Compliance
What are the Requirements?
Information Session
Agenda
• Who: Key Players
• What: PCI Compliant
• Why: World events
• When: Now
• Where: All campus
• How: Education/Work
Who
Key Players
• Moneris Solutions
• PCI Security Standards Council (who oversee the Payment Card Information Data Security Standards (PCI DSS))
• Merchants - MUN and MUN Depts
Who
Moneris Solutions
• Moneris Solutions is a joint investment between RBC Royal Bank and BMO Bank of Montreal that was launched in December 2000.
• Transaction processing is their business: VISA, Mastercard, Debit
• They provide a full range of services and products, from point of sale terminals to full e-commerce solutions.
Who
PCI Security Standards Council
• Founded in 2006 by some of the largest credit card companies, including VISA and Mastercard
• Responsible for PCI Security Standards
• The payment card companies themselves would levy any fines and penalties that arise due to non-compliance.
Who
Memorial University
• We accept credit cards
• We are required to be PCI DSS Compliant
What
Payment Card Information Data Security Standards (PCI DSS)
• Started by combining VISA and Mastercard account and cardholder security programs
• The result is a set of 12 requirements
Why
How did we get here?
• The electronic age makes merchants the new target for financial fraud
• Lax security by a merchant enables criminals to steal and use consumer financial information from payment card transactions and processing systems
Why
Fraud
• Sony admitted that the personal details of 77M users were hacked.
• Winners and HomeSense parent TJX Co. lost millions of customers' information to hackers.
• Brock University lost personal information of donors to unauthorized access.
When
Timing
• MUN has been “working” on this since 2007
• Still working towards total compliance
Where
At MUN, who is responsible?
• Everyone (locally to a dept; or centrally)
• Person who handles the hardware (credit card machine)
• Person who accepts a credit card as payment
• Person who designs a web page to accept credit cards
• Person who looks after MUN’s databases
• MUN’s Security Officer
How
What to Secure?
• Electronic connections/transmission
• Hardware – Machines
• Electronic storage of records
• Paper based storage of records
How
Types of Connections
• Connectivity (central responsible)
• Telephone lines
• IP lines over the internet
• Virtual terminal
• Pin pads (connected to a computer)
How
Hardware – Machines
• Security of hardware hand-held machines
• It must be secure (locally)
• Used properly (swipe; chip) (locally)
• Up to date technology and security (centrally)
How
Electronic storage of records (Centrally)
• Credit card numbers; CVCs
• Current systems do not “capture” these details
• Do not “manually” capture
How
Security Features
How
Paper based storage of records
• Credit card numbers; CVCs
• Never maintained (locally)
• If written down, ensure it is kept in a secure place until shredded or at the cashier's office (locally)
How
Awareness Face to Face
1. Suspicious customer behaviour
2. Card security features and
3. Proper processing procedures
4. Code 10 authorizations
How
Credit Card itself
All cards are designed with special security features to deter counterfeiting and alteration.
When you are presented with a card, look for the following elements:
On the front
• Verify the match of print and embossing
• Embossing
• Hologram
• Valid Date
• Compare account numbers
On the back
• Signature panel
• Signature
… nothing is more important than keeping your customer’s payment card data secure
Questions/Comments/Concerns?
Contact: Heather Whelan
[email protected]
709-864-4391