e learning module credit debit payment card acceptance and security n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
e-Learning Module Credit/Debit Payment Card Acceptance and Security PowerPoint Presentation
Download Presentation
e-Learning Module Credit/Debit Payment Card Acceptance and Security

Loading in 2 Seconds...

play fullscreen
1 / 35

e-Learning Module Credit/Debit Payment Card Acceptance and Security - PowerPoint PPT Presentation


  • 143 Views
  • Uploaded on

e-Learning Module Credit/Debit Payment Card Acceptance and Security. OBFS-Treasury Operations-Merchant Card Services February 26, 2011 Instructor and Moderator, Rebecca Kornegay. Welcome. Introduction.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

e-Learning Module Credit/Debit Payment Card Acceptance and Security


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    e learning module credit debit payment card acceptance and security

    e-Learning ModuleCredit/Debit Payment Card Acceptance and Security

    OBFS-Treasury Operations-Merchant Card Services

    February 26, 2011

    Instructor and Moderator, Rebecca Kornegay

    introduction
    Introduction
    • University of Illinois departments accepts and processes thousands of credit or debit card payment sales daily.
    • Departments are required to comply with payment card industry data security standards (PCI DSS) of Visa, MasterCard, American Express, and Discover to secure cardholder information at all times.
    why are we doing this
    Why Are We Doing This?
    • University students, parents, and customers trust that their card information will be protected at the University of Illinois.
    • To protect the University from a card security breach and monetary fines.
    what will you learn
    What Will You Learn?
    • Anatomy of a Payment Card
    • Required Guidelines as Best Practices for Handling Payment Card Information
    • Payment Card Security
    anatomy of a payment card
    Anatomy of a Payment Card

    Credit/Debit Card –Data Embossed Front

    Bank Card Brand

    Verification Number

    (American Express Only)

    Account Number

    Expiration Date

    Bank Card Logo

    Cardholder Name

    anatomy of a credit debit payment card
    Anatomy of a Credit/Debit Payment Card

    Credit/Debit Card –Data Imprinted Back

    Magnetic Stripe

    Signature Panel

    Security Code

    (Visa, MasterCard, Discover)

    payment card acceptance and processing
    Payment Card Acceptance and Processing

    Payment card transactions must be accepted using one of the following methods and technologies,

    • Methods
      • Face to Face (card present)
      • Mail, Telephone or Fax (card NOT present)
      • University-approved internet application (card NOT present)
    • Technologies
      • Terminal
      • Point-of-Sale (POS) system
      • e-Commerce
    secure methods
    Secure Methods

    Mail or Telephone Orders (MOTO)

    Fax

    Phone

    Mail

    not secure methods
    Not Secure Methods

    Instant Messaging or Chat

    Wireless Devices

    Staff entering a cardholder’s card information into computer or a website from their workstation computer.

    PDA Device

    email not a secure method
    Email Not A Secure Method

    If a customer sends their card information via email,

    • Delete the email from your inbox and deleted box, then send a message of response.
    • If you reply to the original email, remove the card information before sending the message.
    • Send a response that the card information is not accepted via email and provide alternative methods for sending their card information by fax, mail, phone, etc.
    card present transactions
    Card Present Transactions

    Accepting a payment card from face-to-face

    card present transactions1
    Card Present Transactions

    If You Handle Card Present Transactions,

    • The payment card must be swiped through the terminal or POS system card magnetic stripe reader.
    • Do not keep any card information after the transaction has been authorized.
    • Keep the payment card within the customer’s view and shield from the view of others.
    card not present transaction
    Card NOT Present Transaction
    • The physical payment card is not provided for processing.
    • Requires manual entry of the card number into a processing technology.
    card not present transaction1
    Card NOT Present Transaction

    In addition to manually entering the Cardholder Account Number, for card NOT present transactions you must enter,

    • Expiration Date, 02/14
    • Card Billing Address Street Number, 3775
    • ZIP code, 61821
    • Verification Number (front of AMEX Card)
    • Security Code, CVS, CVV2, CID (Visa, MasterCard, & Discover Cards)
    card not present transaction2
    Card NOT Present Transaction

    Sensitive Security Authentication Data,

    must NEVER be stored after the transaction

    authorized.

    • Security Code and Verification Number
    • PIN Numbers
    • Expiration Date
    • Payment Card Full Magnetic Stripe Data
    card not present transaction by phone
    Card NOT Present Transaction By Phone

    Payment Card Data Acceptance Requirements

    • Phone
    card not present transaction by phone1
    Card NOT Present Transaction By Phone

    Payment Card Data Acceptance Requirements

    • Phone
    card not present transaction by fax
    Card NOT Present Transaction By FAX

    Payment Card Data Acceptance Requirements

    • Fax
    card not present transaction by fax1
    Card NOT Present Transaction By FAX

    Payment Card Data Acceptance Requirements

    • Treat a fax the same way as you would treat cash

    $100 Bills

    card not present transaction by mail
    Card NOT Present Transaction By Mail

    Payment Card Data Acceptance Requirements

    • Mail

    $100 Bills

    card not present transaction by paper based forms
    Card NOT Present TransactionBy Paper Based Forms

    Payment Card Data Acceptance Requirements

    • Paper Based Forms
    card not present transaction by paper based forms1
    Card NOT Present TransactionBy Paper Based Forms

    If paper records containing card account numbers,

    • Remove all but the last four digits to be rendered unreadable by blackening the numbers with china marker grease pencil or with character replacements of *, #, X.
    card not present transaction by paper based forms2
    Card NOT Present TransactionBy Paper Based Forms

    Designing Order, Registration, or Invoice Forms

    • Form area capturing card information must be,
      • Placed at bottom of form
      • Remove card information
      • After processing payment, cut or tear form bottom to be shredded
      • Printed receipts or invoices distributed outside the unit must show only the last four digits of account number.
    card not present transaction by paper based forms3
    Card NOT Present TransactionBy Paper Based Forms

    If paper records containing card account numbers,

    • Disposing of Paper Based Forms
    accessing and storing payment card information
    Accessing and Storing Payment Card Information

    Required Procedures for Accessing Card Information

    • Limit access to documents and reports
    • Never share logins and/ or passwords with others, including coworkers.
    accessing and storing payment card information1
    Accessing and Storing Payment Card Information

    Required Procedures for Storing Card Information

    • Databases, spreadsheets and other electronic systems must ONLY store the last four digits of the card account number.
    • NEVER store the card expiration date, verification number, or security code in ANY electronic spreadsheet, database or system.
    accessing and storing payment card information2
    Accessing and Storing Payment Card Information

    Required Procedures for Storing Card Information

    • Store all materials containing cardholder account information in a secure and restricted area.
    payment card transactions delayed processing
    Payment Card Transactions Delayed Processing

    Best practice is to process payment card information immediately for the transaction to be authorized.

    • If a delay is required,
      • Do not store the card information in electronic format.
      • Card information must be kept secure and with restricted access until the payment is processed for authorization.
    payment card transactions delayed processing1
    Payment Card Transactions Delayed Processing
    • Secure the paper form containing payment card information following the same guidelines used for securing cash transactions.
    • Treat delayed processing paper containing card information as if it were cash.
    security reminder phishing
    Security ReminderPhishing

    Securing Payment Card Information

    • Be aware of phishing methods that attempt to trick you into providing card data for malicious purposes.
    • Never provide a customer’s payment card information to anyone.
    • Merchant Card Services and the University’s bank processor, Global Payments, will never contact a department to request for you to provide card information.
    what happens if payment card information is lost or stolen
    What Happens if Payment Card Information is Lost or Stolen?
    • Stolen card data might be used to make counterfeit cards.
    • Can be sold for illegal purposes, such as facilitating identity theft.
    • An expensive forensic investigation may result.
    • The University will be fined for the breach and other associated costs, such as the forensic investigation.
    payment card security breach consequences
    Payment Card Security Breach Consequences

    The consequences of a security breach,

    • A forensic investigation will determine the amount of data lost and how the loss occurred.
    • All fines, monetary penalties, and other associated costs related to the breach are paid by the department merchant that experienced the breach.
    • Increased processing restrictions or loss of processing privileges for the department.
    payment card security breach consequences1
    Payment Card Security Breach Consequences

    Breach in security could result in,

    • Significant monetary fines to the University.
    • Potential loss of reputation and trust from students, parents, and customers.
    • The entire University could lose the privilege to accept and process credit/debit cards due to a department’s payment card security breach.
    thank you
    Thank you!

    Questions, contact Rebecca Kornegay at University of Illinois Merchant Card Services Office,

    by PHONE: 217-244-9384 or E-MAIL: kornegay@uillionois.edu