ÃÈÃÃÉçÇø

1. Credit cards we accept
2. Compliance
   • What are the PCI DSS Security Standards?
   • What is card holder data?
   • Do you store paper documents that have the CAV2 / CVC2 / CVV2 / CID code on them?
   • Does your terminal display the full PAN or card number on the machine and print the full PAN or card number on the receipt?
   • What is a QSA (Qualified Security Assessor)?
   • Who is the QSA Company for UM System?
   • What is an Approved Scanning Vendor?
   • Who is the Approved Scanning Vendor for UM System?
   • What is a convenience fee or surcharge?
   • Can I charge a Convenience Fee  or Surcharge to my customers?
3. New Retail Merchant Information 
   • What is a merchant?
   • What is the process for having a new merchant established?
4. Existing Merchant Updates
   • What is the process for having an existing merchant updated?
5. Requesting a new credit card machine
   • How to request a new credit card machine?
   • What do I do with my old machine?
   • Do new machines have warranties?
   • What is the setup for a new machine
   • What terminals can take EMV or contactless payments?
6. Using your machine
   • Duplicate invoice error
   • What is the ECC and how does it work?
   • How to use the invoice function to post revenue to the GL using different MO Codes per transaction?
   • Can I set it up so that each user has to log in before processing payments?
7. Can I request a loaner machine?
8. Is there a reporting system that I can have access to in order to view my merchant credit card transactions?
9. E-Commerce Frequently Asked Questions
10. What are internal controls and where can I find more information?
11. What is the records retention policy for credit card receipts?
12. What do I do if I suspect that my payment card operation has experienced a breach?
13. What are the rules for processing credit card refunds?
14. What are the credit card costs?
15. Is there an EMV Chip and PIN corporate travel credit card available for University travel overseas?

 

 

Credit Cards we accept

• Visa
• MasterCard
• Discover
• American Express (in the process of fully implementing, and the merchants will be notified when completed)

What are the PCI DSS security standards?

• The PCI DSS (Payment Card Industry Data Security Standards), a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
• The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

What is card holder data?

Account Data consists of Cardholder Data plus Sensitive Authentication Data, as follows:

 

 

Cardholder Data Includes:	Sensitive Authentication Data Includes:
Primary Account Number (PAN)	Full magnetic stripe data or equivalent on a chip
Cardholder Name	CAV2 / CVC2 / CVV2 / CID
Expiration Date	PINs / PIN blocks
Service Code

 

 

 

The following table illustrates commonly used elements of cardholder and sensitive authentication data, whether storage of each element is permitted or prohibited, and whether each data element must be protected.  This table is not exhaustive, but is presented to illustrate the different types of requirements that apply to each data element.

 

 

		Data Element	Storage Permitted	Render Stored Account Data Unreadable per Requirement 3.4
Account Data	Cardholder Data	Primary Account Number (PAN)	Yes	Yes
		Cardholder Name	Yes	No
		Service Code	Yes	No
		Expiration date	Yes	No
	Sensitive Authentication Data	Full Magnetic Stripe Data	No	Cannot Store
		CAV2 / CVC2 / CVV2 / CID	No	Cannot Store
		PIN / PIN Block	No	Cannot Store

 

 

 

 

Do you store paper documents that have the CAV2 / CVC2 / CVV2 / CID code on them (3 or 4 digit code on the back of the card)?

• Per PCI DSS requirements, you are not allowed to store this information electronically or in paper form.  If you have current paper storage with the CVV code stored you need to remove the CVV.  You cannot just mark it out with a "sharpie" but, if you marked out and then photo copy the marked-out original keeping the photo copy and cross-cut shred the original then you have successfully remediated your CVV2 paper storage problem.

 

Does your terminal display the full PAN or card number on the terminal display and / or does it print the full PAN or card number on the printed receipt?

• Please contact John Layman, 573-882-3318