Payment Card Industry (PCI) Compliance
Jay Baucom, Chief Information Officer
Arthur Hohnsbehn, Director of Information Technology
Jason Godfrey, Security Manager
North Carolina Community College System
The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account
The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.
Datatel e-Commerce requires:
Determining My PCI Validation Type - SAQ
Type 1 (SAQ A) – All cardholder data is outsourced.
Type 2 (SAQ B) – Imprint only, no electronic cardholder data is stored.
Type 3 (SAQ B) – Standalone dial-out terminals only, no electronic cardholder data is stored.
Type 4 (SAQ C) – POS or payment system connected to the Internet, no electronic cardholder data is stored.
Type 5 (SAQ D) – All other merchants and all service providers.
With the exception of payment card transactions processed using a standalone dial-up terminal where paper receipts are kept for refund purposes, all other payment card transactions within Colleague (CREN) or utilizing Datatel’s e-Commerce would require a college to submit SAQ D.
What is the impact to the colleges?
Arthur to provide some insight into what the colleges will be doing in addition to their normal processes.
Accepting Payment via Telephone (TREG)
Server via DMI
Accepting Payment via WebAdvisor (WA)
Accepting Payment via Colleague (CREN)
Side Terminal (CC entered via CREN)
Develop a policy for maintaining payment card data. Non-e-Commerce data should be purged via COCD.
Using COCD, purge payment card information in Production before cloning the Production environment to Test.
If troubleshooting e-Commerce with the DMI listener in debug mode (-t -v options), remove the log immediately after the debug information has been obtained. You are not compliant while debug is turned on.
Work with your Bookstore provider to determine compliance.
PCI Security Standards Council
Datatel AnswerNet Document #4397 - How to remove sensitive credit card data for PCI Compliance http://www.datatel.com
NC Office of the State Controller
NC Office of State Controller
NCCCS System Office
Jay Baucom - (919) 807-6988
Jason Godfrey - (919) 807-7054
Kim Van Metre - (919) 807-7071
General Questions – (800) 363-1621