Online PCI Awareness Information

Langara College
PCI Awareness Training
Have you heard of PCI?
• Due to the increase of credit card fraud and identity theft, major credit card companies like Visa, MasterCard and Amex have formed a security council called the Payment Card Industry Security Standards Council (PCI-SSC).
• PCI-SSC’s mission is to enhance payment card data security to minimize credit card fraud worldwide.
• For more information about PCI-SSC please visit their website at: https://www.pcisecuritystandards.org/
PCI-SSC
• The PCI Council was formed to protect cardholder data
by educating merchants & the public about PCI Security.
• PCI has established 12 high-level security standards consisting of up to 254 stringent requirements that merchants worldwide must achieve and maintain.
Awareness is key for preventing payment card fraud!
Welcome to PCI awareness training
• Welcome to Payment Card Industry (PCI) awareness training on
secure credit and debit card handling practices at Langara College.
• PCI Data Security Standards (PCI DSS) encompasses both credit
and debit cards.
• For the purposes of this training, reference is made to payment
cards, which means both credit and debit cards.
• This training will provide you with information on what you need to
know as a Langara employee, and also how to protect your own
payment cards.
Who needs training?
To achieve and maintain PCI compliance
requirements, the following training must be
completed annually by:
– New and existing employees that handle and/or
process payment cards.
– New and existing employees that MAY come in
contact with payment card numbers or information.
You play a crucial role in protecting
Langara from credit and debit card fraud
To ensure we process payment card transactions safely
and securely, we developed this training to educate
employees on:
1. Why credit and debit card security is important
2. What the PCI project is all about
3. What the risks might be if Langara experienced a breach
4. What precautions employees should take when handling payment card information
Have you ever thought about…
• How many credit cards you have in your wallet?
• How often you use your credit or debit card to purchase goods or
services?
• How many credit cards you process or
handle each day?
• If you’re using a credit card safely?
Why should secure payment card
handling be important to you?
• Every year 540,400 Canadians suffer financial loss due to credit card fraud
• The convenience of online purchasing has increased the exposure of credit card information and personal data to hackers
• Victims of fraud can experience huge financial losses, invasion of privacy and identity theft
• Safe and secure credit card handling is everyone’s responsibility
Is your information secure?
Between April and September 2014, Home Depot was hacked by unauthorized user(s)
compromising over 56 million credit cards and user accounts.
Other notable cases (company names were shown as logos on the original slide):
• 40 million customers affected
• 1.16 million credit cards affected
• 2.6 million credit cards affected
• 36% of Canadian companies in a study had experienced one or more cyber attacks in 2014
How do hackers steal information?
Techniques:
• Phishing – emails that direct you to enter your personal information in a fake website that “looks” legitimate.
• Spyware – to intercept or take control of your computer.
• Skimming – RFID readers can be used to create a duplicate of your credit card.
• Hacking – unauthorized access of your computer network.
How does PCI apply to my work?
College Policy establishes guidelines to protect Langara from
possible repercussions of non-compliance including:
• Revocation of credit card acceptance privileges and
resulting effects on business operations
• Fraudulent manipulation of cardholder data
• Damage to Langara’s reputation
• Potential legal issues and insurance claims
• Substantial card issuer fines
• Loss of customer trust
Help protect the college’s business and reputation
by recognizing your responsibilities in safe
credit card handling!
Why is PCI important?
• Departments such as the Registrar’s Office, International Education, Continuing Studies, the Bookstore and Financial Services accept credit and debit card payments.
• To protect the Langara community, every business unit that comes into contact with payment card transactions must follow secure card handling procedures.
• In order to continue accepting payment cards, we must adhere to the security standards established by the PCI Council.
Why is PCI important? (Cont’d)
• 94% of PCI DSS compliant companies say compliance improves their relationship with business partners
• $100K+ potential cost of monthly fines for non-compliance with PCI requirements
• $5.5M average cost of a data breach
• 2.35 years average time it takes merchants to become PCI compliant
How do we process credit cards?
• Langara uses PIN Pads for in-person
transactions and various third-party applications
to process online credit card payments.
• A PIN Pad is an electronic device used to input
and encrypt the cardholder’s Personal
Identification Number (PIN) for debit and credit
card transactions
• PIN Pads are also known as: stand-alone terminals, credit/debit machines, POS device/Point of Sale terminal, Moneris device
Keeping our PIN Pads & Payment
Processing Equipment Secure
To help keep our PIN Pads and payment processing equipment secure:
• Check daily to ensure the PIN Pad is safeguarded against tampering or replacement with a fraudulent device
• Only allow authorized staff to operate credit card handling equipment
• Ensure the credit card terminal truncates the card account number so that only the last 4 digits are visible
Do Not Store Payment Card Data
NEVER save and store payment card data in:
– Electronic files such as Excel, Word, PowerPoint or email
– Shared drive folders, on your desktop or personal folders
– A document – if you write down a credit card number, destroy or delete it immediately after the transaction
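The two rules above (only the last 4 digits may remain visible, and full card numbers must never sit in spreadsheets, documents or e-mail) can be checked mechanically. The following script is an added example, not part of the training or of Langara's own tooling: it scans a constructed block of text for candidate card numbers, keeps only those that pass the Luhn check every real payment card number satisfies, and rewrites them in truncated form. The sample text, the card-format test numbers in it and all function names are assumptions made for this illustration.

```python
import re

# Constructed sample text of the kind the training says must never hold a full
# card number. 4111111111111111 and 5500000000000004 are widely used
# card-format TEST numbers, not real accounts; the other digit runs are decoys.
SAMPLE_TEXT = """Order 20150731 paid by card 4111 1111 1111 1111, ref 1234567890123456
Phone order: cardholder said 5500-0000-0000-0004, exp 12/17
Student ID 3000012345678 on file"""

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check that every payment card number passes."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate(digits: str) -> str:
    """PCI-style truncation: mask everything except the last 4 digits."""
    return "*" * (len(digits) - 4) + digits[-4:]


def _candidate(match: re.Match) -> str:
    """Digits of a regex match with separators removed, or '' if not a PAN."""
    digits = re.sub(r"[ -]", "", match.group(0))
    return digits if luhn_ok(digits) else ""


def find_pans(text: str) -> list:
    """Return the Luhn-valid card numbers stored in text (digits only)."""
    return [d for d in (_candidate(m) for m in PAN_RE.finditer(text)) if d]


def redact(text: str) -> str:
    """Replace every Luhn-valid card number with its truncated form."""
    return PAN_RE.sub(lambda m: truncate(_candidate(m)) or m.group(0), text)


if __name__ == "__main__":
    for pan in find_pans(SAMPLE_TEXT):
        print("stored card number found:", truncate(pan))
    print(redact(SAMPLE_TEXT))
```

The Luhn filter is what keeps the order reference and the student ID from being flagged; a 16-digit run of digits alone is not evidence of stored cardholder data.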
Phone Transactions
When accepting credit card information over the
phone, ensure:
– The credit card number is entered into a PIN Pad
device or online third party payment application
– If written down, the credit card number is destroyed
or deleted immediately after processing the
transaction
– The credit card number is not saved in a document
In-person transactions
In-person credit card payments require:
• The credit card be present at the time of payment.
• The credit card be inserted into the PIN Pad device if it contains chip technology and a PIN is entered.
• Swiping the card if it does not have chip technology, and a signature is provided.
• That credit card numbers not be manually entered into a PIN Pad device for in-person transactions.
Keeping current on PCI
It is important for all Langara employees that handle or may come in contact with credit card information to keep up with any changes that affect credit card security by reviewing this online information annually.
Langara has current policy and procedures for handling credit and debit cards
(http://www.langara.bc.ca/departments/financial-services/procedures.html)
The best way to ensure you’re up to date is to visit Langara’s PCI website
(http://www.langara.bc.ca/departments/financial-services/pci-standards.html). You can
also check out the PCI website at: https://www.pcisecuritystandards.org/
If you are aware of any areas or new processes where cardholder data exists and/or is
not being adequately secured please talk to your manager and review Langara’s current
policy and procedures (see link above).
Keeping current on PCI:
PCI Project
The project objectives are to ensure Langara is compliant with PCI requirements by
implementing new, or enhancing current processes to secure credit and debit card
transactions.
One of the strategies for PCI compliance is to outsource the processing of credit card information to a third party, which reduces the work that Langara must do to ensure compliance.
If a credit card breach were to occur, the consequences will affect all business units within the
college.
Current project status (as of July 2015):
• Initial assessment complete
• Analysis and documentation of non-compliant areas complete
• Employee Security awareness training started in Fall 2015
• Analysis and implementation of solutions for non-compliant areas in progress
For more information, please visit the project website: http://www.langara.bc.ca/informationtechnology/projects/pci.html
Congratulations!
• You have completed your annual PCI online awareness information review.
• By reviewing this online module you acknowledge and understand the information presented.
• If you have any questions regarding the information provided in this online module or do not understand the implications of the policy, please contact Financial Services.