Credit Cards Merchant Information - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

Credit Cards Merchant Information

Description:

104 Airport Dr, Suite 3200 T 919.962.1363. Campus Box 1270 F 919.962.4140 ... State of NC Contract with SunTrust Merchant Services (First Data Merchant Services) ... – PowerPoint PPT presentation

Number of Views:133
Avg rating:3.0/5.0
Slides: 25
Provided by: unc
Category:

less

Transcript and Presenter's Notes

Title: Credit Cards Merchant Information


1
Credit Cards -Merchant Information
  • Finance Division Training Workshop
  • April 26, 2006

2
Stan Koziol, CPAFinancial Controls Manager104
Airport Dr, Suite 3200 T
919.962.1363Campus Box 1270
F 919.962.4140Chapel Hill, NC
27599-1270stan_at_unc.edu
http//www.unc.edu/finance/controller/fc/

3
TODAYS AGENDA
  • Merchants at UNC Chapel Hill
  • Master Service Agreement
  • PCI Data Security Standard
  • Whats Next?

4
UNC Chapel Hill Environment
  • merchant IDs 130 and rising
  • Admissions
  • Undergraduate
  • Graduate
  • Professional Schools
  • Cashiers
  • OneCard
  • Various Centers
  • Performing Arts

5
INTERESTING MERCHANTS
  • Mouse Distribution
  • Society of International Limnology ????

6
LIMNOLOGY
  • The scientific study of the life and phenomena of
  • fresh water, especially lakes and ponds.

7
TYPES OF PROCESSING
  • Point of Sale (POS) Swipe Terminal
  • POS Terminal (software)
  • Yahoo Storefront
  • Proprietary Internet Site

8
CREDIT CARD PROCESSING SERVICE
  • State of NC Contract with SunTrust Merchant
    Services
  • (First Data Merchant Services)

9
Payment Card IndustryData Security Standard (PCI
DSS)
10
Who Made the Rules?
  • PCI Payment Card Industry
  • Requirements of Visa MasterCard
  • Effective June, 2005

11
PCI Security Standard
Reference USA VISA.com
12
Target-Rich Environment
  • Universities typically function in a
    decentralized manner
  • University networks contain vast amounts of
    personal information
  • Universities cultivate free exchange of ideas
  • Universities are vulnerable to internal attacks
    from pool of technologically savvy individuals
    (primarily students)
  • Reference Ambiron TrustWave, Payment Card
    Information Security for Higher Education

13
Forecast for 2006
  • Data Security Breaches Despite best efforts,
    there are likely to be more security-related
    issues affecting credit cards in 2006. While
    these breaches do not reflect poorly on PCI from
    a technical or enforcement standpoint, they are
    likely to continue and result in additional
    scrutiny of the industry's efforts to secure
    payment data. Moreover, the media tends to
    "sex-up" these incidents by labeling any
    situation that results in the theft or loss of
    sensitive information from credit card data to
    social security numbers as "identify theft."
    While assuming someone else's identity is a
    serious offense and is on the increase in our
    society, it is a distinctly different crime from
    breaking into a database of credit card numbers
    and seeking to profit from that information
    through fraud. Regardless, data security breaches
    are going to continue to make headlines.
  • Reference AmbironTrustWave Trusted News

Reference Brian Koerner, Identity Theft
14
Compliance Penalties
  • Loss or theft of account information
  • A member or the member's service provider, or a
    merchant or the merchant's service provider must
    immediately report the suspected or confirmed
    loss or theft of any material or records that
    contain Visa cardholder data.
  • If a member knows or suspects a security breach
    with a merchant or service provider, the member
    must take immediate action to investigate the
    incident and limit the exposure of cardholder
    data.
  • If a Visa member fails to immediately notify Visa
    USA Fraud Control of the suspected or confirmed
    loss or theft of any Visa transaction
    information, the member will be subject to a
    penalty of 100,000 per incident.
  • Members are subject to fines, up to 500,000 per
    incident, for any merchant or service provider
    that is compromised and not compliant at the time
    of the incident.
  • Safe Harbor
  • Safe harbor provides members protection from Visa
    fines and compliance exposure in the event its
    merchant or service provider experiences a data
    compromise. To attain safe harbor status
  • A member, merchant, or service provider must
    maintain full compliance at all times, including
    at the time of breach as demonstrated during a
    forensic investigation.
  • A member must demonstrate that prior to the
    compromise their merchant had already met the
    compliance validation requirements, demonstrating
    full compliance.
  • It is important to note that the submission of
    compliance validation documentation, in and of
    itself, does not provide the member safe harbor
    status. The entity must have adhered to all the
    requirements at the time of the compromise.

Reference USA VISA.com
15
PCI Compliance Committee
Joint effort between University Controllers
Office and Information Technology Services
16
WHATS NEXT ?
  • Policies and Procedures
  • New University Contact
  • Training
  • Self Assessment

17
SUMMARY
  • Wide variety of merchants at UNC Chapel Hill
  • Mandated to use the State contract for credit
    card processing
  • Achieving compliance to the PCI Standard is a
    priority and represents a high risk area
  • Announcement of new Policies and Procedures
  • Training and Self Assessments will be available

18
The Goal!
19
More Information?
  • Visit the
  • Credit Cards - Merchant Information Site
  • linked from the Controllers Office page.
  • http//www.unc.edu/finance/controller/

20
(No Transcript)
21
Questions?
22
FRAUD REPORT QUIZ
  • True or False
  • Most frauds are detected by audits and internal
    controls.
  • FALSE
  • Tips

23
SUSPECT FRAUD ?
  • Contact
  • UNC Chapel Hill Internal Audit Department
  • Office of the State Auditor Hotline
  • (800) 730-TIPS

24
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com