Welcome
Welcome to the Credit Card Processing Security course.
As someone involved in payment card transactions, at least once per year, you must complete awareness education about the Data Security Standard (or DSS) developed by the Payment Card Industry (or PCI) Security Standards Council.
At the end of this course, you should be able to:
☐ State the importance of payment card information security for the University
☐ Describe the consequences of non-compliance
☐ Identify the best practices required to keep sensitive information secure and how to apply them.
Purpose
The purpose of this course is to familiarize you with payment card security standards.
It is important to understand that the threat of a data breach to the University is real and has serious consequences. With a rich trove of customer data, student data, and research information, colleges and universities are a top target for cyber criminals. As these criminals become more and more successful in hacking universities, universities become an even larger target.
A university that suffers a data breach that includes payment card information has a long road ahead of it, including costs averaging $245 per record stolen. With only 100,000 records stolen, which would be a small drop in the bucket for the University, the fines, fees, and other costs could total well over $25 million.
More importantly, the University’s reputation is on the line. Seeing the University’s name in the headlines for a data breach impacts the confidence of our students, parents, alumni, and community.
Fortunately, the University is investing in this training to help prevent a data breach on campus. By understanding and adhering to the PCI compliance standards, we can work together to protect our customers’ cardholder data and, in turn, protect the University.
Table of Contents
Card Handlers
Managers/Supervisors
IT Staff
Treasury Operations
2. What is PCI DSS?
PCI DSS Defined
PCI DSS Requirements
Cardholder Data Defined
Point-to-Point Encryption (P2PE)
3. How to Comply
Handling Payments...
In Person
By Phone
By mail, fax, or email
Online
Managing Operations...
Check Devices for Tampering
Monitor for Fraud and Security Breaches
Maintain a Security Policy
Report security incidents
4. Conclusion
What Happens If You Don’t Comply with Security Standards?
What are your next steps?
Resources
Attestation