2,654
edits
Bank Card Processing: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(Created page with "<table style="background:#F8FCFF; text-align:center" width="100%" cellspacing="0" cellpadding="0" border="0"> <tr> <td style="padding:0.5em; background-color:#e5e5e5; font-siz...") |
No edit summary |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 20: | Line 20: | ||
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF" | <td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF" | ||
width="20">[[Intellectual Property]]</td> | width="20">[[Intellectual Property]]</td> | ||
<td style="border-bottom:2px solid #A3B1BF" width="3"> </td> | |||
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF" | |||
width="20">[[Faculty]]</td> | |||
</tr> | </tr> | ||
</table> | </table> | ||
<br /> | <br /> | ||
[[General Accounting]] | [[SBIR/STTR Program Participation]] | [[Supplemental Compensation Plan]] | [[Facilities Management/Planning]] | [[Purchasing]] | [[Public Affairs]] | [[Facility Identification]] | [[Serving Alcoholic Beverages]] | [[Travel and Reimbursement]] | [[State Vehicles]] | [[Reproducing Copyrighted Materials]] | [[Bank Card Processing]] | [[Student Training Agreement]] | [[Volunteer]] | [[Cash Handling]] | [[Fraud]] | [[Assigning Research Lab Space]] | [[Space Scheduling]] | [[ | [[General Accounting]] | [[SBIR/STTR Program Participation]] | [[Supplemental Compensation Plan]] | [[Facilities Management/Planning]] | [[Purchasing]] | [[Public Affairs]] | [[Facility Identification]] | [[Serving Alcoholic Beverages]] | [[Travel and Reimbursement]] | [[State Vehicles]] | [[Reproducing Copyrighted Materials]] | [[Bank Card Processing]] | [[Student Training Agreement]] | [[Volunteer]] | [[Cash Handling]] | [[Fraud]] | [[Assigning Research Lab Space]] | [[Space Scheduling and Fundraising]] | [[Academic Personnel Records]] | [[Cellular Phone]] | [[Off-campus Graphic Design and Related Printing]] | [[Off-campus Photography]] | [[Tax Exempt Financing and Tracking of Both Qualified Use and Non-Qualified Use of Research Space]] | [[Secondary Logos]] | [[Social Media]] | [[Sensitive Equipment Tracking]] | [[International Visitors]] | [[Accounts Receivable Management]] | [[Internal Audit]] | [[Regulations on the Use of University Facilities and Grounds]] | ||
<br /><br /> | <br /><br /> | ||
Policy No.: '''6050'''<br /> | Policy No.: '''6050'''<br /> | ||
Effective Date: '''01/10/07'''<br /> | Effective Date: '''01/10/07'''<br /> | ||
Revised Date: ''' | Revised Date: '''DRAFT'''<br /> | ||
Reviewed Date: | Reviewed Date: <br /> | ||
'''<big>Bank Card Processing Policy</big>''' | '''<big>Bank Card Processing Policy</big>''' | ||
== Basis for Policy == | == Basis for Policy == | ||
| Line 47: | Line 49: | ||
**Periodically inspect terminal surfaces to detect tampering (for example, addition of card skimmers to devices), or substitution (for example, by checking the serial number or other device characteristics to verify it has not been swapped with a fraudulent device). | **Periodically inspect terminal surfaces to detect tampering (for example, addition of card skimmers to devices), or substitution (for example, by checking the serial number or other device characteristics to verify it has not been swapped with a fraudulent device). | ||
**Personnel involved with bank card transactions must document knowledge of their awareness to attempted tampering or replacement of devices by completing the UNMC PCI 3.0 Point of Sale training material, which will be retained by the Finance Cashier. | **Personnel involved with bank card transactions must document knowledge of their awareness to attempted tampering or replacement of devices by completing the UNMC PCI 3.0 Point of Sale training material, which will be retained by the Finance Cashier. | ||
*Under no circumstances should bank card information be stored on any computer system. | *Under no circumstances should bank card information be stored on any computer system. Once a transaction is completed all digital information should be deleted from the computer in box and computer delete box. All paper information should be shredded including, but not limited to, all paper forms, printed emails, telephone memos, faxes, etc. | ||
*UNMC outsources e-commerce bank card processing. UNMC ITS Application Services has a module which is utilized to bridge the web application which accepts a bank card payment and the card processing company. | *UNMC outsources e-commerce bank card processing. UNMC ITS Application Services has a module which is utilized to bridge the web application which accepts a bank card payment and the card processing company. | ||
**All bank card transactions processed by UNMC Staff, on behalf of the customer, must go through the bank card terminals provided by the Finance Cashier. Under no circumstances, shall a UNMC Staff member enter a bank card number into a UNMC Web Application on behalf of the cardholder. | **All bank card transactions processed by UNMC Staff, on behalf of the customer, must go through the bank card terminals provided by the Finance Cashier. Under no circumstances, shall a UNMC Staff member enter a bank card number into a UNMC Web Application on behalf of the cardholder. | ||
| Line 53: | Line 55: | ||
All bank card transactions will be reviewed periodically and confirmed annually to assist in maintaining proper accountability and internal control. In addition, written departmental bank card procedures will be reviewed for conformity with UNMC policies, State Treasurer regulations, and Payment Card Industry Data Security Standards. | All bank card transactions will be reviewed periodically and confirmed annually to assist in maintaining proper accountability and internal control. In addition, written departmental bank card procedures will be reviewed for conformity with UNMC policies, State Treasurer regulations, and Payment Card Industry Data Security Standards. | ||
==Technical Controls== | ==Technical Controls== | ||
All bank card transactions will be processed in conformance with the Payment Card Industry Data Security Standards. A secure network environment is established for processing | All bank card transactions will be processed in conformance with the Payment Card Industry Data Security Standards. A secure network environment is established for processing bank card transactions. A vulnerability management program is in place to ensure that the technical controls are functioning properly. Technical controls are in place to ensure that identity and access management is limited to those with a need to access the data in order to perform their job duties. Appropriate audit logging is enabled in order to track and monitor access. In the case of an information security event is found (such as an unauthorized wireless access point), the organization will follow the Incident Response Security Procedure. All members of UNMC complete annual information security compliance training. | ||
==Additional Information== | |||
*Contact the [mailto:bfegley@unmc.edu Controller] | |||
*See the [[Bank Card Handling Procedures]]<br /> | |||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. | ||