PCI Compliance
Data Security Standard

Points of Interest
• What Is PCI?
• Who Does It Apply To?
• Who Is Involved With the Compliance Process?
• How Can We Stay Compliant?

What Is PCI?
PCI (Payment Card Industry) Standards Council: responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS) requirements.

PCI’s Purpose
• Manage risk associated with credit card activity
• Protect card data
• Avoid punitive measures/damages
• Minimize the cost of non-compliance

Who Does PCI Apply To?
• The standard applies to:
  - Merchants (departments)
  - Service providers (third parties, gateways)
• It applies if you:
  - Store cardholder data
  - Transmit cardholder data
  - Process cardholder data
• It applies to:
  - Electronic transactions
  - Paper transactions

How Do We Comply?
Complete the PCI Self-Assessment Questionnaire (SAQ):
• Ensure cardholder data is protected
  - Encrypt transmission of data
• Implement strong access controls
  - Restrict physical access to data
• Maintain a security policy
  - A policy that addresses information security for all personnel

Why Do We Comply?
UT Merchants and Usage
- UT has over 125 merchants university-wide
- Over 960,000 transactions
- $165 million in revenue
Potential Fee Assessments
• $500,000 per data security incident
• $50,000 per day for non-compliance with PCI
• Liability for all fraud losses incurred from compromised account numbers
• Liability for the cost of re-issuing cards associated with a compromise of data
• Suspension of the merchant account

Major Players
• UT System Administration (UTSA) – Information Security Office
• I.T. (System & Campus)
• Chief Business Office (CBO)
• Treasurer’s Office
• Merchants (departments)

Compliance Role: UTSA (University of TN System Administration) Information Security Office
• Consulting, guidance, and oversight related to PCI compliance and IT security controls
• Review technical implementations related to PCI
• Incident response coordination
• Quarterly security scan coordination
• Validate SAQs annually

Compliance Role: IT Position of Authority
• Provide compliance support and consulting
• Identify and review systems in PCI scope
• Provide technical guidance
• Ensure a segmented cardholder data environment exists

Compliance Role: Chief Business Officer
• Approve the business need for merchant IDs
• Attest to the SAQ (signature of the CBO)
• Monitor PCI compliance

Compliance Role: Treasurer’s Office
• Oversee credit card accounting for approved merchants
• Manage the merchant ID approval process
• Maintain the relationship with the University’s credit card processor

Compliance Role: Merchant (Departments)
• Complete the SAQ annually
• Have internal procedures in place
• Update terminal software every 18 months
• Notify UTSA in the event of a data breach
• Financially responsible for costs associated with compliance (fees, fines, remediation)

SAQ Deadline
All completed forms are due in the Bursar’s Office by the close of business, April 15th, 2014.

Contacts
• Byron Porter, 448-4847, bporter3@uthsc.edu
• Nadia Hussey, 448-2914, njoneshu@uthsc.edu
Bursar’s Office, Hyman Building, 62 S. Dunlap, Rm. 103