1 / 16

PCI Team

PCI Team. Tuesday May 21 st 2019. Agenda. Card Activity Trend Merchant compliance status 2019 Payment Card Acceptance policy and procedures QSA Services A nnual Treasury Institute PCI meeting Talech /iPad Point of Sale AmEx Acceptance

llaw
Download Presentation

PCI Team

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PCI Team Tuesday May 21st 2019

  2. Agenda • Card Activity Trend • Merchant compliance status 2019 • Payment Card Acceptance policy and procedures • QSA Services • Annual Treasury Institute PCI meeting • Talech/iPadPoint of Sale • AmEx Acceptance • Elavon Level 3 and Small Ticket Program Savings • PCI Program Audit Baker Tilly • Tagging PCI devices on the network • Security awareness training

  3. 1. University Card Activity Trend

  4. 2. Merchant Compliance Status 2019

  5. 2. Merchant Compliance Status 2019…

  6. 3. Policy and Procedures • Review policy • Review procedures

  7. 4. QSA Services • Campus Guard • Services: portal, scanning, consulting, annual visit (May 29) • Cost $16,800/year, $4200/quarter shared by (BAO, IS, Athletics, Housing/Dining, Parking, Student Life)

  8. 5. Annual Treasury Institute PCI meeting • 133 Colleges and Universities • 3G cellular terminals losing connectivity, 4G terminals coming • Strategy: P2PE, dedicated hw, SP that is MOR, anything from acquirer • Ohio State ourtsources their PCI program admin for $95K • HECVAT cloud vendor assessment tool • Common Point of Purchase CPP • Create One Drive folder for list of SPs, unit procedures… • RudolpheSimonetti Verizon Payment Security Report, Requirements 10 logging (outsource) and 11 scan and pen testing have lowest compliance. Is PCI still relevant ? • Card transaction volumes rising • Easiest data to turn to cash • P2PE and EMV help secure card present but not ecommerce

  9. 5. Annual Treasury Institute PCI meeting… • UW notified level 2 and told to be compliant by year end. Created new four person merchant services office. • U Central Florida meets with GC and PCS annually to review PCI data security addendum • Cornell 6% annual increase in card spend, PCI tabletop facilitated by Campus Guard • Bluefin does mobile P2PE w/o EMV. Have many partners certified on their gateway. • FBI, Business Email Fraud losses $1.3B in 2018 (doubled each of last 3 years). Property related losses huge in Florida. • UNC analog phone lines being replaced with VOIP so switching from dedicated hw to P2PE with NFC • Apple Card no number, uses chip and name and generates single use numbers • Princeton using Venmo (Peer2Peer) with Braintree account for alumni donations • NJ, Philly, MA ban cashless, NY and San Fran considering same

  10. 6. Talech/iPad Point of Sale • Jaqua Café • JSMA Gift Shop

  11. 7. AmEx Acceptance • Elavon made a change that made reconciling AmEx easier • Asked Elavon about cost of accepting AmEx relative to Visa/MCard • Public Sector Education interchange category lower cost • Enabled all ecommerce channels and payment card terminals mid April, Micros/FreedomPay end April 2019

  12. 8. ElavonInterchange Savings Programs • Executed two addendums to our contract with US Bank/Elavon in Dec 2018, enrolling us in Elavon’s small ticket and level 3 interchange reduction programs. • Elavon negotiated small ticket program directly with Visa and Mcard • Applies only to our parking merchant accounts, unfortunately food and beverage merchants not eligible. • Savings of $1500/month split between University Parking and Elavon

  13. 8. ElavonInterchange Savings Programs • The Level 3 program is available to all processors. Elavon enrolls any of our merchants it is able to provide level 3 three data for.

  14. 9. PCI Program Audit Baker Tilly • Audit conducted in April • Report being finalized • Will share with team • Anticipate incorporating PCI program in some way into new IS Information Security Framework

  15. 10. Tagging PCI devices • IS security team created a process for merchants to tag their devices • This gives IS visibility of card data flow on network • Helps us segment and document our Card Data Environment (CDE)

  16. 11. PCI Security Awareness Training • Merchant requirement 12.6 • Two online classes in My Track • Short version for payment processors • Longer version for business/management/IT • If SANS cyber security awareness training becomes required for all employees we could shorten the PCI versions

More Related