Credit and Debit Card Acceptance Policy and eTransact
Presented by: Vivian Eberhardt, Supervisor, Cash and Credit Operations
 Credit and Debit Card Acceptance and Electronic Commerce Policy
   Why do we need a policy?
   What is PCI DSS?
   Highlights of the policy
   Plan for validating PCI DSS compliance
   Questions
 eTransact
   Overview of eTransact application
   Benefits of using eTransact
   How to get started
   Questions
    Why do we need a policy?
 The use of credit and debit cards as the preferred
 method of payment continues to grow

 Schools and departments increasingly want the ability
 to accept credit and debit cards, particularly by
 utilizing e-commerce (internet-based transactions)

 Policy provides the guidelines and expectations for
 schools and departments that accept credit and debit
 cards as a method of payment including the need for
 PCI DSS compliance
              What is PCI DSS?
 Payment Card Industry Data Security Standard
 It is a “set of comprehensive requirements developed by
  American Express, Discover Financial Services, JCB
  International, MasterCard Worldwide and Visa Inc.
  International, to facilitate the adoption of consistent data
  security measures on a global basis.”
 The PCI DSS is intended to help organizations proactively
  protect customer account data.
 The PCI DSS is managed by the PCI Security Standards
  Council. The Council will modify the PCI DSS as needed
  to keep pace with emerging payment security risks.
      High Level Look at the PCI DSS
At its core, the PCI DSS is really based on the best network security and
information security that departments and schools already
  High Level Look at the SAQs
questionnaire – 4 different SAQs, your business process will determine which SAQ you
               Policy Highlights
 Each school or department is responsible for policy
  compliance. A main contact responsible for compliance
  must sign the policy acknowledgement form and return it to
  Cash and Credit Operations

 Merchant ID numbers and/or electronic commerce
  capabilities must be obtained from Cash and Credit
  Operations. eTransact is the preferred method of
  processing electronic commerce transactions

 Only the Controller’s Office can authorize the use of a
  convenience fee. The University does not accept credit or
  debit cards for tuition payments
         Policy Highlights (cont.)
 Complete annual PCI DSS questionnaire (SAQ)
 Develop remediation plans for any compliance issues
 Background checks for employees functioning as cashiers
    with access to one card number at a time while facilitating
    a transaction are a recommendation only
   Background checks are required for employees with access
    to multiple card account numbers at one time
   Review third party contracts for PCI DSS compliance
   Report potential security breaches according to the
    Security Breach Response referenced in the policy
   Read and enforce the twelve requirements of the PCI DSS
        Plan for PCI DSS compliance
 Finalized credit and debit card acceptance and e-commerce
   Selected an approved scanning vendor (ASV) to perform
    required quarterly network scans (Coalfire)
   Selected vendor for eTransact (CASHNet)
   In 2010, we will require campus merchants to provide us
    with completed SAQs
   Once we have completed SAQs and quarterly scans, we
    will submit to our merchant bank to validate compliance
   Questions?
 eTransact is the preferred method of electronic
  commerce at the University. We have partnered with a
  PCI DSS compliant third party vendor to process credit
  and debit card transactions for the University.

 Public Affairs has created a website for eTransact that
  can provide information to schools and departments
  as well as to customers.

   Benefits of eTransact
 Transactions processed through eTransact do not
  require receipt vouchers to be completed. There is a
  direct feed to AIS overnight to post the income to your
  general ledger account
 Storefronts can be set up quickly with little use of your
  technology resources
 Reporting tools, report groups, customizable pages
 Unlimited license for storefronts and checkouts
 Benefits of eTransact (cont.)
 No monthly fee or cost to activate - normal credit card fees still

 Two different types of applications possible
    Storefront – website/application/form hosted on third party site
    Checkout – website/application/form hosted on Washington
     University servers, but customer passed to third party to enter credit
     card data

 Helps to achieve PCI DSS compliance by limiting the scope of
  PCI, keeping sensitive data off WU networks, and not storing
  cardholder data

            How to get started
 Read the Credit and Debit Card Acceptance & Electronic
  Commerce Policy
 Your department’s business manager (or equivalent) will be
  responsible for ensuring compliance with the policy and
  compliance with PCI DSS requirements
 The business manager (or equivalent) must sign the
  acknowledgement at the end of the Credit Card Acceptance
  and Electronic Commerce Policy indicating their
  understanding of the requirements
 Complete the application for merchant ID (PDF) found at
  ml and return to Cash and Credit Operations – Campus
  Box 1147
Examples and Current Status
 Ten departments live with eTransact – five storefront
  and five checkout
 Five departments under construction
 Cashiering module is the next phase we will consider.
  This will allow similar processing only for point of sale
  machines as opposed to electronic commerce

 Questions?
