PCI Compliance

Data Security Standard

Points of Interest
  • What Is PCI?
  • Who Does It Apply To?
  • Who Is Involved With the Compliance Process?
  • How Can We Stay Compliant?
What Is PCI?

PCI (Payment Card Industry) Standards Council

Responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS) requirements.

PCI’s Purpose
  • Manage risk associated with credit card activity
  • Protect card data
  • Avoid punitive measures/damages
  • Minimize cost for non-compliance
Who Does PCI Apply To?
  • Standard applies to:
      - Merchants (Departments)
      - Service Providers (3rd Party, Gateways)
  • Applies if you:
      - Store Cardholder Data
      - Transmit Cardholder Data
      - Process Cardholder Data
  • Applies to:
      - Electronic Transactions
      - Paper Transactions

How Do We Comply?

Complete the PCI Self-Assessment Questionnaire (SAQ)

  • Ensures Cardholder Data Is Protected
      - Encrypt transmission of data
  • Implements Strong Access Controls
      - Restrict physical access to data
  • Maintains Security Policy
      - Policy that addresses information security for all personnel

Why Do We Comply?

UT Merchants and Usage

- UT has over 125 merchants university-wide

- Over 960,000 transactions

- $165 Million in revenue

Potential Fee Assessments

  • $500,000 per data security incident
  • $50,000 per day for non-compliance with PCI
  • Liability for all fraud losses incurred from compromised account numbers
  • Liability for the cost of re-issuing cards associated with a compromise of data
  • Suspension of Merchant Account
Major Players
  • UT System Administration (UTSA) – Information Security Office
  • I.T. (System & Campus)
  • Chief Business Office (CBO)
  • Treasurer’s Office
  • Merchant (Departments)
Compliance Roles

UTSA (University of TN System Administration)

Information Security Office

  • Consulting, guidance, and oversight related to PCI compliance and IT Security controls
  • Review technical implementations related to PCI
  • Incident response coordination
  • Quarterly security scan coordination
  • Validate SAQs annually
Compliance Role

IT Position of Authority

  • Provide compliance support & consulting
  • Identify & review systems in PCI scope
  • Provide technical guidance
  • Ensure a segmented cardholder data environment exists
Compliance Role

Chief Business Officer

  • Approve the business need for Merchant IDs
  • Attest to SAQ (signature of CBO)
  • Monitor PCI compliance
Compliance Role

Treasurer’s Office

  • Oversee credit card accounting for approved merchants
  • Manage the Merchant ID approval process
  • Maintain the relationship with the University’s credit card processor
Compliance Role

Merchant (Departments)

  • Complete SAQ annually
  • Have internal procedures in place
  • Update terminal software every 18 months
  • Notify UTSA in the event of a data breach
  • Financially responsible for costs associated with compliance (fees, fines, remediation)
SAQ Deadline

All completed forms are due in the Bursar’s Office by the close of business, April 15th, 2014

  • Byron Porter 448-4847 bporter3@uthsc.edu
  • Nadia Hussey 448-2914 njoneshu@uthsc.edu

Bursar’s Office

Hyman Building

62 S. Dunlap Rm. 103