PCI PAYMENT CARD INDUSTRY DEBITCREDIT CARD INFORMATION ACCEPTING
PCI – PAYMENT CARD INDUSTRY DEBIT/CREDIT CARD INFORMATION
ACCEPTING PAYMENT CARDS You MUST have approval from Financial Services and the PCI Committee, if a department wants to accept payment cards • Directly, • Via a third-party system, or • Have a third party collect/sell on their behalf You MUST have approval from Financial Services and the PCI Committee (as well as ITCS) prior to signing any contract with a vendor for any of the following, which involves the processing of debit/credit card payments • Software, • Hardware, or • Services
PCI SECURITY, TRAINING Banner Security Request – one time PCI Security Awareness Training – annual PCI Standards and Procedures – annual New hires – initiate process by submitting the Banner Security Request Termination/Transfer – notify Financial Services of employee’s departure so security can be removed Change in job duties – submit security request or notify Financial Services
DO NOT… × …Email cardholder data (delete it & do not process) × …Allow faxes with cardholder data on a networked copier/fax First & Last 4 digits are safe to store electronically and hard copy × …Store full card numbers electronically × …Store full card numbers (hard copies/paper) AFTER processing, unless you have a documented business need × your business need and storage process must be approved by Financial Services & the PCI Committee × …Process any payments or allow others to submit transactions on a computer in your department, unless it has been approved and secured for PCI × …Process transactions on mobile devices(phones/tablets) - Wi-Fi is NOT secure × …Surplus old credit card terminals/devices – contact Financial Services to have it destroyed properly × …Allow any employee to access cardholder data or equipment/software to process payments, unless they have submitted a Banner Security Request and completed PCI Security Awareness training
WHAT OPTIONS ARE AVAILABLE? Touchnet U-store (registration/payments online) Touchnet U-Pay (links with Touch. Net partners) POS terminal (credit card terminals connected to ECU wired network) Cellular POS/Clover Flex – mobile (processes on cellular network) • Available for ECU departments to rent for university business Clover Station (register with cash drawer available) FD 150 & RP 10 Clover Flex Clover Station with cash drawer and printer
WHAT’S NEW Contactless (NFC) • 75% of campus can accept contactless – Apple Pay, Google Pay, Cards with “tap” symbol • Tap phone, watch or card near NFC area on terminal or pin pad
PCI/ECOMMERCE REQUESTS All requests for PCI and e. Commerce support should be submitted through the ITCS Help Desk Ticket System – Team Dynamix https: //ecu. teamdynamix. com/TDClient/Requests/Service. Catalog? Catego ry. ID=9077
QUESTIONS? WANT MORE INFORMATION? Contact Robin Mayo mayoro@ecu. edu
- Slides: 8