Payment Card Security Policy

Responsible University Administrator: Vice President for Finance and Administration
Responsible Officer: Director of Student Financial Services
Origination: 4/1/2016
Current Revision: N/A
Next Review: 7/1/2017
End of Policy: N/A
Policy Number: ADMA-BUS-009
Status: Effective

Payment Card Security Policy

Policy Statement

Accepting payments by credit or debit card is very convenient and one of the most recognized methods of payment. If utilized safely, it can enhance the revenue stream of a unit/department. By being approved to use this method, each unit/department is responsible for the associated risks of fraud and identity theft.

Reason for Policy/Purpose

This document and additional supporting documents represent The University of Southern Mississippi's policy to prevent loss or disclosure of customer information including payment card data. Failure to protect customer information may result in financial loss for customers, suspension of credit card processing privileges, and fines imposed on and damage to the reputation of the unit and the university.

Who Needs to Know This Policy

The University of Southern Mississippi Payment Card Security Policy applies to all faculty, staff, students, organizations, third party vendors, individuals, systems and networks involved with payment card handling. This includes transmission, storage and/or processing of payment card data, in any form (electronic or paper), on behalf of The University of Southern Mississippi.

Website Address for this Policy

www.usm.edu/institutional-policies/policy-adma-bus-009

Definitions

Payment Card Industry Data Security Standards (PCI DSS): The security requirements defined by the Payment Card Industry Security Standards Council and the 5 major Payment card Brands: Visa, MasterCard, American Express, Discover, and JCB. These security requirements apply to all transactions surrounding the payment card industry and the merchants/organizations that accept these cards as forms of payment. Further details about PCI can be found at the PCI Security Standards Council Web site (https://www.pcisecuritystandards.org).

Cardholder: Someone who owns and benefits from the use of a membership card, particularly a payment card.

Cardholder Data (CHD): Those elements of payment card information that are required to be protected. These elements include Primary Account Number (PAN), Cardholder Name, Expiration and the Service Code.

Primary Account Number (PAN): Number code of 14 or 16 digits embossed on a bank or payment card and encoded in the card's magnetic strip. PAN identifies the issuer of the card and the account, and includes a check digit as an authentication device.

Cardholder Name: The name of the Cardholder to whom the card has been issued.

Expiration: The date on which a card expires and is no longer valid. The expiration date is embossed, encoded or printed on the card.

Service Code: The service code that permits where the card is used and for what.

Sensitive Authentication Data: Additional elements of payment card information that are also required to be protected but never stored. These include Magnetic Stripe (i.e., track) data, CAV2, CVC2, CID, or CVV2 data and PIN/PIN block.

Magnetic Stripe (i.e., track) data: Data encoded in the magnetic stripe or equivalent data on a chip used for authorization during a card present transaction. Entities may not retain full magnetic stripe data after transaction authorization.

CAV2, CVC2, CID, or CVV2 data: The three or four digit value printed on or to the right of the signature panel or on the face of a payment card used to verify card not present transactions.

PIN/PIN block: Personal Identification Number entered by cardholder during a card present transaction, and/or encrypted PIN block present within the transaction message.

Disposal: CHD must be disposed of in a certain manner that renders all data unrecoverable. This includes paper documents and any electronic media including computers, hard drives, magnetic tapes, USB storage devices (before disposal or repurposing, computer drives should be sanitized in accordance with the (Institution's) Electronic Data Disposal Policy). The approved disposal methods are: cross-cut shredding, incineration, approved shredding or disposal service.

Department: Any department or unit (can be a group of departments or a subset of a department) which has been approved by the (institution) to accept payment cards and has been assigned a Merchant identification number.

Database: A structured electronic format for organizing and maintaining information that is accessible in various ways. Simple examples of databases are tables or spreadsheets.

Policy/Procedures

In order to accept credit and debit card payments, The University of Southern Mississippi must prove and maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS). The University of Southern Mississippi Payment Card Security Policy and additional supporting documents provide the required guidance for processing, transmission, storage and disposal of cardholder data. This is done in order to reduce the institutional risk associated with the handling of payment card data and to ensure proper internal control and compliance with the PCI DSS.

It is the policy of The University of Southern Mississippi to allow acceptance of payment cards as a form of payment for goods and services upon written approval from the university Merchant Services/PCI Compliance Committee.

The University of Southern Mississippi requires all departments that accept payment cards to do so only in compliance with the PCI DSS and in accordance with the procedures outlined in this policy document, The University of Southern Mississippi Administration and Department Procedures and other supporting documents.

Review

The Director of Student Financial Services is responsible for review of this policy annually.

Forms/Instructions

Annual Merchant Survey Renewal Department Policy Template

Appendices

N/A

Related Information

Administration and Department Procedures Information Security Incident Response Plan Department Payment Card Responsibilities

History

New policy instituted in 2016.
Amendments: N/A

Authorization

Title: Payment Card Security Policy
Policy number: ADMA-BUS-009

RECOMMENDED BY: [signature], Responsible University Officer
REVIEWED BY: [signature], Director of Compliance and Ethics
APPROVED: [signature], President