This document provides training on proper handling of credit card information according to PCI compliance standards. It begins with an overview of why security is important when processing credit cards due to the sensitive customer information involved. It then outlines 10 rules for securing credit card data, such as not processing cash refunds, matching signatures, and securely storing documents with cardholder data. The document educates on parts of the credit card like the PAN and CVV2 numbers to help verify identities during transactions.
Payment Card Cashiering for Local Governments 2016
4. While processing credit cards you will be exposed to a lot of sensitive information. This training will show you how to handle credit card information in a safe and secure manner.
5. Albert Gonzalez, 28
With accomplices, he was involved in most of the major data breaches: Heartland, Hannaford Bros., 7-Eleven, T.J. Maxx, Marshalls, BJ's Wholesale Club, OfficeMax, Barnes & Noble, Sports Authority, Dave & Busters, Boston Market, Forever 21, DSW and others.
Customers trust that we will keep their account information safe from crooks like these.
17.
1. Securing the IT environment
2. Managing and retaining data
3. Managing IT risk and compliance
4. Ensuring privacy
6. Managing System Implementations
7. Preventing and responding to computer fraud
10. Managing vendors and service providers
http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/TopTechnologyInitiatives/Pages/2013TTI.aspx
Items in orange text are all PCI related.
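20.
| Category | Data Element | Storage Permitted | Protection Required | PCI DSS 3.4 |
|---|---|---|---|---|
| Cardholder Data | Primary Account Number (PAN) | Yes | Yes | Yes |
| Cardholder Data | Cardholder Name | Yes | Yes | No |
| Cardholder Data | Service Code | Yes | Yes | No |
| Cardholder Data | Expiration Date | Yes | Yes | No |
| Sensitive Authentication Data | Full Magnetic Stripe Data | No | N/A | N/A |
| Sensitive Authentication Data | CVC2 / CVV2 / CID / CAV2 | No | N/A | N/A |
| Sensitive Authentication Data | PIN / PIN Block | No | N/A | N/A |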
21.
• Acquirer (Merchant Bank): Bankcard association member that initiates and maintains relationships with merchants that accept payment cards
• Hosting Provider: Offers various services to merchants and other service providers.
[Diagram labels: Card Brand, Acquirer, Hosting Provider, Merchant, Cardholder]
22. Maintain standards for PCI
to provide quarterly scans
[Diagram labels: Card Brands, PCI SSC, QSA, ASV]
24.
• Own and manage PCI DSS, including maintenance, revisions, interpretation and distribution
• Define common audit requirements to validate compliance
• Manage certification process for security assessors and network scanning vendors
• Establish minimum qualification requirements
• Maintain and publish a list of certified assessors and vendors
32. Merchants may be subject to fines by the card associations if deemed non-compliant. For your convenience, fine schedules for Visa and MasterCard are outlined below. (Banks no longer publish fines)
http://www.firstnationalmerchants.com/ms/html/en/pci_compliance/pci_data_secur_stand.html
35. Category, Criteria, Requirements, Compliance date

Level 1
Criteria:
• Any merchant that has suffered a hack or an attack that resulted in an account data compromise
• Any merchant having more than six million total combined MasterCard and Maestro transactions annually
• Any merchant meeting the Level 1 criteria of Visa
• Any merchant that MasterCard, in its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the system
Requirements:
• Annual Onsite Assessment [1]
• Quarterly Network Scan conducted by an ASV [2]
Compliance date: 30 June 2012 [3]

Level 2
Criteria:
• Any merchant with more than one million but less than or equal to six million total combined MasterCard and Maestro transactions annually
• Any merchant meeting the Level 2 criteria of Visa
Requirements:
• Annual Self-Assessment [4]
• Onsite Assessment at Merchant Discretion [4]
• Quarterly Network Scan conducted by an ASV [2]
Compliance date: 30 June 2012 [4]

Level 3
Criteria:
• Any merchant with more than 20,000 combined MasterCard and Maestro e-commerce transactions annually but less than or equal to one million total combined MasterCard and Maestro e-commerce transactions annually
• Any merchant meeting the Level 3 criteria of Visa
Requirements:
• Annual Self-Assessment
• Quarterly Network Scan conducted by an ASV [2]
Compliance date: 30 June 2005

Level 4
Criteria:
• All other merchants [5]
Requirements:
• Annual Self-Assessment
• Quarterly Network Scan conducted by an ASV [2]
Compliance date: Consult Acquirer
60. Front side of card
First, let's look at the front side of a typical credit card.
Look at the above card. Can you find each of the parts listed below?
• Clearly primary account number (16 digit PAN)
• Valid thru date
• Holographic security emblem
• Card logo (Visa)
• Cardholder's name
(Click on the credit card to check your answers)
[Card image labels: Valid thru date, Holographic emblem, Card logo, PAN]
61. Back side of card
Now, look at the back side of a credit card.
Can you find each of the parts listed below on the above card?
• Signature panel
• A 3 digit security code also called the CVV2 number
• Magnetic stripe
(Click on the credit card to check your answers)
[Card image labels: CVV2, Signature Panel, Magnetic Strip]
63. Have you ever wondered what is encoded in the magnetic strip?
The magnetic strip contains:
• Cardholder name and address
• Account number
• Expiration date
• Special security information to detect fraudulent cards
Once the card is swiped, this information is electronically relayed to the card issuer, who then uses it to authorize the sale.
67. American Express Card
Now that you know the anatomy for Discover, MasterCard, and Visa cards, let's explore the American Express card.
The American Express card has the same safety features as Discover, MasterCard and Visa, but a slightly different structure.
The American Express equivalent of the 3 digit CVV2 security code is a 4 digit CID security code, which appears on the face of the card.
[Card image label: CID Code]
68. CAV2/CVC2/CVV2/CID
CVV2/CID number
The security number ensures the caller actually has a credit card in hand when making the purchase.
When a customer physically hands you their card and you swipe it in a credit card terminal, you will not need to use the security number. This is because, when the card is swiped through the card reader, the terminal reads and transmits data from the magnetic stripe, which includes the CVV2/CID security code.
80. Credit Card Security Rules
Check out these 10 rules for credit card security.
1. Do not process transactions for other businesses or entities.
2. Don't process cash refunds.
3. Keep the card in the customer's line of sight.
4. Match signatures on the signed receipt to the back of the card and the last four digits of the PAN (card number).
5. Accept only the major credit cards, or those identified by your department. Honor customer's choice.
6. Obtain the security code on the back of the card for all telephone sales.
7. Write cardholder information only on designated forms.
8. Store all documents containing cardholder data in a secure locked area.
9. Never send or receive card data through e-messaging.
10. Never share cardholder information outside your work environment.
Some of these rules may not apply to your department. Each department has a different business process, so remember to double check with your supervisor if you have any questions.
83. Refunds must be placed on the card used for the initial purchase.
What if someone does not have their original card?
If a customer doesn't have their original card, inform them a check will be issued for the refund amount.
Internet Transactions
It's much simpler for internet transactions since the cardholder's information and card number are linked to the sale. A refund will be automatically issued based on the original transaction and card used.
Never enter the customer's card information over the phone to issue a refund for an internet transaction.
84. Rule 3 applies to any sales situation where a customer hands you a credit card.
Keep the card in the customer's line of sight at all times.
Do this:
• Place the card on the counter as you log into the POS terminal.
• Hold the card up in front of you or keep it on the counter if you need both hands.
NOT this:
• Place the card below the counter
• Walk away from your station with the customer's card
• Place the card in the drawer
• Place the card behind an object that blocks the customer's view
85. Rule 4 requires you to make sure the signatures match.
Match signatures on the signed receipt to the back of the card.
Check the following items:
• A signature appears on the card.
• The signatures on the card and receipt look similar.
• The signature area on the card is intact and not voided.
• Color markings appear on the signature stripe.
If the signatures do not match or you have a concern about the authenticity of the card, call your supervisor.
86. For magnetic-stripe card transactions, match the name and last four digits of the account number on the card to those printed on the receipt.
92. Accept only the credit cards your organization has approved.
Make sure the logos above appear on the card. Your department may even limit which of these 4 cards they accept, so make sure you find out.
93. Obtain the security code on the back of the card for all telephone sales.
This is your last line of defense for preventing the fraudulent use of a card via internet or phone.
• When you (the merchant) ask for this number, you are validating the card is in the physical possession of the cardholder (purchaser).
• If the security number does not match the issuing bank's file, the transaction will be declined and you will receive a message saying the security code does not match.
The CAV2/CVC2/CVV2/CID number should never be written down on any paper document. It can only be entered through a terminal.
95. Write cardholder data only on designated forms.
This rule pertains mostly to telephone sales but should be kept in mind for all credit card transactions.
• Follow your department's policy for MOTO (Mail/Telephone order) transactions.
• If MOTOs are allowed in your department, always record the customer's name, phone number, and credit card number on the designated form.
• Once the order has been placed or recorded, all paper documents are securely stored and destroyed when no longer needed.
96. Store all documents containing cardholder data in a secure locked area.
This rule applies when cardholder data is received by mail, fax, or phone. (Any physical copies of PAN)
Place all order forms in a designated restricted area under lock and key. These documents will remain here until they are later destroyed by designated staff.
To secure cash and credit card receipts:
• Organize credit card receipts into a stack.
• Place the receipts inside the cash bag.
• Deliver the bag to the safe or cash room.
100. Never send card data through e-messaging
Under no circumstances should cardholder information be sent via any electronic format.
This includes all electronic communication such as emails, attachments to emails, text messaging and chat rooms.
101. Never share cardholder information outside your work environment.
Never discuss a customer's personal card information outside of work.
You can discuss your work with credit cards at a high level, but never mention specifics.
Customers are trusting you with their sensitive account information! Treat their information as if it were your own. This includes SSN and other information.