Data Security Standard

• What Is PCI?
• Who Does It Apply To?
• Who Is Involved With the Compliance Process?
• How Can We Stay Compliant?

What Is PCI?

PCI (Payment Card Industry) Standards Council
Responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS) requirements.

Why it matters:
• Manage risk associated with credit card activity
• Protect card data
• Avoid punitive measures/damages
• Minimize the cost of non-compliance

Who Does It Apply To?

Standard applies to:
- Merchants (Departments)
- Service Providers (3rd Party, Gateways)

Applies if you:
- Store Cardholder Data
- Transmit Cardholder Data
- Process Cardholder Data

Applies to:
- Electronic Transactions
- Paper Transactions

How Can We Stay Compliant?

Complete the PCI Self-Assessment Questionnaire (SAQ)

Ensure Cardholder Data Is Protected
- Encrypt transmission of cardholder data

Implement Strong Access Controls
- Restrict physical access to cardholder data

Maintain a Security Policy
- Policy that addresses information security for all personnel

UT Merchants and Usage
- UT has over 125 merchants University Wide
- Over 960,000 transactions
- $165 Million in revenue

Potential Fee Assessments
- $500,000 per data security incident
- $50,000 per day for non-compliance with PCI
- Liability for all fraud losses incurred from compromised account numbers
- Liability for the cost of re-issuing cards associated with a compromise of data
- Suspension of Merchant Account

Who Is Involved With the Compliance Process?

• UT System Administration (UTSA) – Information Security Office
• I.T. (System & Campus)
• Chief Business Office (CBO)
• Treasurer’s Office
• Merchant (Departments)

UTSA (University of TN System Administration) Information Security Office
- Consulting, guidance, and oversight related to PCI compliance and IT security controls
- Review technical implementations related to PCI
- Incident response coordination
- Quarterly security scan coordination
- Validate SAQs annually

IT Position of Authority
- Provide compliance support and consulting
- Identify and review systems in PCI scope
- Provide technical guidance
- Ensure a segmented cardholder data environment exists

Chief Business Officer
- Approve the business need for Merchant IDs
- Attest to the SAQ (signature of CBO)
- Monitor PCI compliance

Treasurer’s Office
- Oversee credit card accounting for approved merchants
- Manage the Merchant ID approval process
- Maintain the relationship with the University’s credit card processor

Merchant (Departments)
- Complete the SAQ annually
- Have internal procedures in place
- Update terminal software every 18 months
- Notify UTSA in the event of a data breach
- Financially responsible for costs associated with compliance (fees, fines, remediation)

All completed forms are due in the Bursar’s Office by the close of business, April 15, 2014

• Byron Porter 448-4847 bporter3@uthsc.edu
• Nadia Hussey 448-2914 njoneshu@uthsc.edu

Bursar’s Office, Hyman Building, 62 S. Dunlap, Rm. 103