
Accounting and Financial Services


wardah




Presentation Transcript


  1. Credit Card Compliance Regulations Mandated by the Payment Card Industry Security Standards Council
     Accounting and Financial Services

  2. What is PCI-DSS?
     • PCI-DSS is an acronym for the Payment Card Industry Data Security Standard.
     • PCI DSS is the global data security standard that any business, of any size, must adhere to in order to accept payment cards and to store, process, and/or transmit cardholder data.

  3. About the Council
     • The Payment Card Industry Security Standards Council, or PCI SSC (often termed simply "the Council"), is an open global forum, launched in 2006, that develops, maintains and manages the PCI Security Standards, which include the Data Security Standard (DSS), the Payment Application Data Security Standard (PA-DSS), and the PIN Transaction Security (PTS) Requirements.
     • The Council's five founding global payment brands are American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.
     • The Council does NOT validate or enforce any organization's compliance with its PCI Security Standards, nor does it impose penalties for non-compliance. These areas are governed by the payment brands and their partners (in practice, the acquiring banks).

  4. PCI-DSS Requirements

  5. Merchant Levels

  6. Report on Compliance
     • The Report on Compliance (ROC) is produced during onsite PCI DSS assessments as part of an entity's validation process.
     • The ROC provides details about the entity's environment and the assessment methodology, and documents the entity's compliance status for each PCI DSS requirement.

  7. UCD/UCDHS Level 2 Merchant
     • 2,508,716 combined transactions processed in 2013
     • $129,479,579.00 in sales processed in 2013
     • UCD is the 2nd largest in the UC system
     • UCLA and UCSD are also Level 2 merchants
     • 203 merchants must collectively comply with the PCI-DSS

  8. PCI Merchant Types and SAQ (Self-Assessment Questionnaire)
     There are 5 different SAQ forms; each successive form carries a higher level of validation complexity. UCD/UCDHS have a combined 203 merchants, distributed as follows:
     • SAQ "A": Fully Outsourced Merchant (47)
     • SAQ "B": Dial-Out Terminal, Card Imprint Merchant (146)
     • SAQ "C": Internet-Connected Payment Application Merchant (3)
     • SAQ "C-VT": Internet-Connected Virtual Terminal Merchant (4)
     • SAQ "D": All Others, e.g. POS (Point of Sale) Systems (3)

  9. PCI Non-Compliance
     • The fines can vary based on the level of non-compliance.
     • Visa/MC have the discretion to determine those fines.
     • Visa/MC have indicated that UCD could be required to pay $5,000.00 per month in fines for every month of non-compliance.

  10. UCD Credit Card Breach Impact
     • Average cost per credit card compromised is $188.00
     • Significant fees, fines, and penalties
     • Cost of forensic audit
     • Litigation
     • Regulatory notification requirements
     • Negative image for the UC Davis brand

  11. Campus Compliance Efforts
     • Sylvia Montgomery (University Cashier & Credit Card Coordinator) is leading our compliance efforts.
     • Coalfire, our QSA (Qualified Security Assessor), is working with our largest merchants on gap analysis reports.
     • Merchants are addressing risks and preparing for the ROC.
     • The ROC is scheduled for early October.
