Payment Card Industry Data Security Standards (PCI-DSS) Training
What is PCI-DSS?
PCI-DSS is broken down into 12 requirements and helps to secure credit/debit card information. PCI-DSS applies to all entities that store, process, and/or transmit cardholder data.
PCI Requirements
The majority of these requirements are handled by ITS, Office of Cashiering, & department managers. You need to focus on Requirement 3.
Requirement 3: Protecting Cardholder Information
What is Cardholder Information?
Cardholder data refers to any information on a customer’s payment card:
- Primary Account Number (PAN) – number printed or embossed on the front of the card
- Expiration date of the card
- Cardholder name
- Any magnetic stripes embedded on the back of the card
- Data chips within the card
- Security code on the card
Accepting Credit/Debit Cards
In order to process a card, we need the following information:
- Cardholder’s Name
- 16-digit card number (Visa, MasterCard, or Discover)
- Expiration Date
- Billing zip code
- Telephone number
Note: We do not need the security code to process a card. Please do not ask for or store this information.
For security, all cardholder information should be processed in the cashiering system immediately.
Accepting Credit/Debit Card Don’ts
- Card numbers should never be faxed or emailed because they travel through a public network and transmissions are not encrypted.
- Card numbers should never be unsecured for any period of time. If payments are not processed immediately, they should be locked in a secure location with limited access. Please do not leave this information lying around on desks or printers.
- Card numbers should never be saved on PCs, laptops, smart phones, etc.
- Card numbers should never be mailed from one department to another. Please hand deliver this information to the Office of Cashiering.
- If you must store information that contains card numbers, the numbers must be blacked out or deleted (if using an electronic source) before storing.
- Cashiering accounts should never be shared. Only process payments on your account.
Consequences for not being PCI Compliant
The entire university will lose the ability to accept credit and debit cards as a form of payment. It is very important that we keep cardholder information secure.