instructions for completing your fy15...

Post on 30-May-2020


• Please use the link and login credentials provided in the email received along with this presentation from Treasury to complete your FY15 Self-Assessment Questionnaires.

– Please note: If you have MIDs under more than one Processor (ie: Elavon or Global Payments), you will receive separate logins to complete separate SAQs for each processing type by Processor.

• This means, depending on your current environment, you could receive up to (but no more than) 6 login credentials to complete 6 separate SAQs.

• The following slides will help you navigate through completing your SAQs once you’ve logged into Trustkeeper.

• Should you have any questions along the way that are not already addressed within this presentation, please reach out to Katie Todd – 212.854.9694 or send a note to creditcards@columbia.edu.

INSTRUCTIONS FOR COMPLETING YOUR FY15 SAQ’S

PCI DSS is NOT

“check-the-box security”

Yes, there are checkboxes on the SAQ…

But if you do it without reading the instructions,

Or if you do it without gathering the documentation…

You’re doing it wrong!

Before you begin the SAQ, you should review and familiarize yourself with the most recently updated Payment Card Industry Data Security Standard (PCI-DSS) v3.1. Copy & paste the following URL into a browser to open the PCI-DSS v3.1:

http://finance.columbia.edu/files/gateway/content/treasury/PCI_DSS_v3-1.pdf

BEFORE YOU BEGIN…

Upon completing your SAQ, you will be asked to verify that you have read the PCI-DSS and recognize that you must maintain PCI DSS compliance at all times.

WHEN YOU’RE READY TO BEGIN…

Be sure to log in to Trustwave using the credentials provided to you by Treasury to complete the SAQs.

• Once logged in, click ‘Start’ as indicated below

Select only ONE from the options below. Remember, if you accept credit cards by more than one of the below means, you will receive separate login credentials to complete more than one SAQ.

*You will complete one SAQ per processing type*

(So if you accept credit cards by all three types, you will complete 3 SAQs, under each processor)

How do You Accept Credit Cards?

The next few questions depend on how you answered the previous question. **Be sure to read the descriptions and understand each before choosing

More Details on How you Accept Credit Cards…

Occasionally, depending on how you answer specific questions, you may see a pop-up with additional questions. Be sure to answer them accurately. If you are unsure, choose “I’m not sure” for your answer.

SIDE NOTE…

Once you click Next as shown below, you will confirm details about your Merchant Profile and Business Environment.

Next Steps…

• Be sure all of your General Info is correct here.
– Especially your address

• Make any corrections as necessary.

Merchant Profile

The Company Name should be the Processing Type for the MIDs you’re completing this SAQ for. (ie: Website, Mail/Telephone or In Person)

Under ‘Additional Info’:

• A Service Provider can be any of (but not limited to) the following:
– Payment gateways (CyberSource or Virtual Merchant)
– A Web Hosting provider
– Any consultants
– Any calendar/event application software Providers

• **An Acquirer is your Processor:
– Elavon
– Global Payments
– Chase

**PLEASE NOTE: Even if you have Merchant Accounts with more than one of the above Acquirers/Processors, you must still select ‘No’ under ‘Multiple Acquirers’, as you will complete a separate SAQ for each Acquirer/Processor.

Merchant Profile cont.…

• The person that “completed the Wizard” is whoever answered all the previous questions regarding processing type.
– If this is different from the individual already listed, type your name where applicable, under the Second or Third Person section…

• Then click ‘Next’

Merchant Profile cont.…

If any MIDs are missing OR if you see any MIDs listed that should not be listed here because they process differently, please contact the following to discuss and correct:

creditcards@columbia.edu

Merchant Profile cont.…

On this screen, be sure that, if you have multiple MIDs with the same Processing Type, they are ALL listed here:

• You can make any changes by clicking on ‘Previous’ or ‘Change’
• Or, if no changes are required, click ‘Next’

• You must verify that this screen reflects your credit card acceptance program as you described in previous sections for each of the MID(s) listed on the previous screen.

Business Environment

• Any terminals (ie: Verifone, Synergy, Hypercom, etc), or online software applications (ie: CyberSource, Virtual Merchant, Paymentech, TrustCommerce) must be listed here.

• To list your products, click ‘Add Product’

**All products for each of your MIDs listed under the ‘Merchant Profile’ must be listed here**

Business Environment Cont.….

After you’ve clicked , start typing your product name in the space provided. When you see your product name, select that product.

Adding Products

**If your product does not pre-populate after typing it in, click and enter the info for your product as instructed.

…You MUST list all terminals, software applications, etc. used for each of those MIDs here

SIDE NOTE…

For every MID that you saw listed under your Merchant Profile…

If you selected ‘WEBSITE’, when describing how you accept credit cards earlier…

You must list all URLs where customers can register and pay for products, services, events, et al. by clicking ‘Add Web Site’ and entering the website links, one by one.

Business Environment Cont.….

SIDE NOTE…

For every MID that you saw listed under your Merchant Profile that is an e-commerce MID…

…You MUST list a URL for each here:

Here you will list all of your Service Providers, click ‘Add Service Provider’

Service Providers include:
• Processors (Elavon, Global Payments, et al)
• Web hosting vendors
• Consultants
• Call centers
• Bill collectors
• Web developers

*If you have any Service Providers not already provided in the list, click ‘Add New’

Business Environment Cont.….

QUESTIONNAIRE

Select the ‘Step-by-Step’ method and click ‘Next’

The next few slides provide helpful guidance for navigating through the

Questionnaire.

QUESTIONNAIRE

The specific questions that will follow will vary significantly, based on your answers to previous questions, and must be answered as accurately as possible.

• Click on the for information on the importance of the question.

• Hover over items in bold print for further clarification

HELPFUL GUIDANCE

Read descriptions carefully to ensure you answer the questions as accurately as possible

HELPFUL GUIDANCE

This list should include:
• the make and model of the device
• the location
• and a serial number or other identifier

Equipment Inventory

You are required to maintain a list of all of your payment equipment.

Please upload your documented list by following the instructions on the next slide.

***You may choose to upload your documentation at a later time***

To upload documentation, click on the tab along the top of the Trustkeeper site

Then click and follow the prompts for uploading your documents.

Uploading Required Documentation

***You may choose to upload your documentation at a later time***

If you use a Point of Sale terminal to accept credit cards, please designate someone to partake in the following training…

Fraud Prevention for Merchants

Manually Inspecting Terminals

(Right click on the above and click ‘Open Hyperlink’ to access the training)

There are some security functions that are managed centrally by CUIT…

If you reach any questions that involve any of the following topics, please contact creditcards@columbia.edu for assistance:

• Network Security
• Secure Communications
• Device & Computer Security
• Secure Management & Monitoring

For any questions related to your Websites' configuration, please reach out to your IT / developers for assistance, or contact creditcards@columbia.edu

Confirming your Self-Assessment

Please review the descriptions for each SAQ type on the following slide to confirm you have completed the correct SAQ before checking the box highlighted below.

SAQ DESCRIPTIONS

Acknowledgement

This MUST be completed by the SBO for the department
