1 / 12

Payment Card Acceptance

Payment Card Acceptance. Mark McCulloch mmccullo@uoregon.edu June 2018. Content. How Payments Work Card Fraud Risk Policy Procedures Annual Self Assessment Security Awareness Training Campus Guard Penetration Testing. 1. How Payments Work. 3 . Card Fraud. 2. Risk.

Ava
Download Presentation

Payment Card Acceptance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Payment Card Acceptance Mark McCulloch mmccullo@uoregon.edu June 2018

  2. Content • How Payments Work • Card Fraud • Risk • Policy • Procedures • Annual Self Assessment • Security Awareness Training • Campus Guard • Penetration Testing

  3. 1. How Payments Work

  4. 3. CardFraud

  5. 2. Risk Card fraud is tracked by issuing banks. They can identify the merchant responsible for exposing card data. If a breach involves large number of cards, the brand will fine the merchant bank, who can pass the fine on to the merchant and order a forensic investigation. Press coverage may damage university reputation • Verizon evaluated 2216 data breaches in 2017 • 76% were financially motivated, 15% point of sale(hacking and RAM scraping), 5% skimming(ATMs and payment card terminals)

  6. 4. Payment Card Acceptance Policy • UO Policy Library

  7. 5. Payment Card Acceptance Procedures • BAO Websiteunder cashiering or • Search from UO home page

  8. 6. Annual Self Assessment • Because UO processes under 1M transactions we can self-assess • We attest to our merchant Bank US Bank/Elavon • Merchant self assessments are due March 31st each year • Campus Guard Portal

  9. 7. Security Awareness Training • Required annually • Search for PCI in the MyTrack Learning Library • Two versions: • PCI SAT for card present transactions (for cashier staff)or • PCI SAT for all transaction types (for supervisors, budget mgrs, and IT)

  10. 8. Campus Guard • Services; portal, scanning, 40 hours, one on-site • $16,800 annually (BAO, IS, Parking, Athletics, Student life, and Housing) • Penetration Testing • On-site visit (Parking, Bach, Athletics)

  11. 9. Penetration Testing Required • Athletics (Chris Butler): • Mo Center concessions • Autzen concessions • Hatfield Dowlin Training Table • Health Center and Pharmacy (Charles Holland) • EMU (Cleven Mmari) • Outdoor Program • PE and Rec • Scheduling and Event Services • Parking (Bill Anderson) • Luke pay stations • Amano (this pay in lane payment application requires more involved penetration testing but will be replaced at some point)

  12. Questions ? Mark McCulloch mmccullo@uoregon.edu June 2018

More Related