Accepting Credit Cards and PCI Compliance
What are the Requirements? Information Session
Agenda
• Who Key Players
• What PCI Compliant
• Why World events
• When Now
• Where All campus
• How Education/Work
Who Key Players
• Moneris Solutions
• PCI Security Standards Council (who oversee the Payment Card Information Data Security Standards (PCI DSS))
• Merchants - MUN and MUN Depts
Who Moneris Solutions
• Moneris Solutions is a joint investment between RBC Royal Bank and BMO Bank of Montreal that was launched in December 2000.
• Transaction processing is their business; VISA, Mastercard, Debit
• They provide a full range of service and products from point of sale terminals to full e-commerce solutions.
Who PCI Security Standards Council
• Founded in 2006 by some of the largest credit card companies including VISA and Mastercard
• Responsible for PCI Security Standards
• The payment card companies themselves would levy any fines and penalties that arise due to non-compliance.
Who Memorial University
• We accept credit cards
• We are required to be PCI DSS Compliant
What Payment Card Information Data Security Standards (PCI DSS)
• Started by combining VISA and Mastercard account and cardholder security programs
• The result is a set of 12 requirements
Why How did we get here?
• The electronic age makes merchants the new target for financial fraud
• Lax security by a merchant enables criminals to steal and use consumer financial information from payment card transactions and processing systems
Why Fraud
• Sony admitted that the personal details of 77M users were hacked.
• Winners and HomeSense parent TJX Co. lost millions of customers' information to hackers.
• Brock University lost personal information of donors to unauthorized access.
When Timing
• MUN has been “working” on this since 2007
• Still working towards total compliance
Where At MUN Who is responsible?
• Everyone (locally to a dept; or centrally)
• Person who handles the hardware (credit card machine)
• Person who accepts a credit card as payment
• Person who designs a web page to accept credit cards
• Person who looks after MUN’s databases
• MUN’s Security Officer
How What to Secure?
• Electronic connections/transmission
• Hardware – Machines
• Electronic storage of records
• Paper based storage of records
How Types of Connections
• Connectivity (central responsible)
• Telephone lines
• IP lines over the internet
• Virtual terminal
• Pin pads (connected to a computer)
How Hardware – Machines
• Security of Hardware hand held machines
• It must be secure (locally)
• Used properly (swipe; chip) (locally)
• Up to date technology and security (centrally)
How Electronic storage of records (Centrally)
• Credit card numbers; CVC’s
• Current systems do not “capture” these details
• Do not “manually” capture
How Security Features
How Paper based storage of records
• Credit card numbers; CVC’s
• Never maintained (locally)
• If written down; ensure in secure place until shredded or at cashier's office (locally)
How Awareness Face to Face
1. Suspicious customer behaviour
2. Card security features and
3. Proper processing procedures
4. Code 10 authorizations
How Credit Card itself
All cards are designed with special security features to deter counterfeiting and alteration.
When you are presented with a card, look for the following elements:
On the front
• Verify the match of print and embossing
• Embossing
• Hologram
• Valid Date
• Compare account numbers
On the back
• Signature panel
• Signature
… nothing is more important than keeping your customer’s payment card data secure