Campus Banking & Merchant Services works with UA Information Security to provide guidelines and resources for our banking and merchant departments. The University of Arizona seeks to ensure that all individuals using, accessing, storing, transmitting, controlling, or managing University information assets understand their responsibility in reducing the risk of compromise, and take appropriate security measures to protect those assets. For information security resources, go to: http://security.arizona.edu
All merchants that utilize bank/credit cards to collect funds for goods and services must meet Payment Card Industry Data Security Standards (PCI-DSS) set by the banks and payment card brands such as Visa, MasterCard, Discover and American Express. The PCI standards can be found at https://www.pcisecuritystandards.org/. The mandatory standards are set to prevent or reduce the risk of credit card information being stolen. If card numbers are taken without authorization through the merchant's systems or processes, it is considered a breach, and the Merchant department is held responsible and accountable.
Reputational impact and financial ramifications of a breach include damaged public trust, forensic costs, fines from card brands, replacement of breached customer credit cards, payment of credit monitoring for each customer for a year, and annual report of compliance assessments by a qualified security assessor. It has been reported that a minimal breach event would cost $250,000.
PCI-DSS compliance is taken very seriously at the UA. Each merchant must assign a merchant responsible person (MRP) to monitor, document and manage credit card processes and security. All systems and processes that "touch," control, or have the potential to affect the credit card customer experience are within compliance guidelines.
Compliance documentation is essential. Campus and Merchant Services have developed documentation guidelines and templates to assist each merchant department. The following PCI-DSS compliance documents are to be available for auditor/assessor review at all times:
Campus Banking & Merchant Services is available to assist in developing and maintaining PCI-DSS compliance.
Please contact merchants [at] fso [dot] arizona [dot] edu for further information or assistance.
UA Information Security and campus stakeholders have established policies, standards, procedures and guidelines to assist departments in meeting their security obligations.
Suspected incidents must be reported to both UA Information Security and Campus Banking and Merchant Services.
The best fraud prevention is the individual. Awareness is the key to preventing fraud from occurring. The following steps will help stop credit card fraud:
A card may have been altered if you see one or several of the following things on a card: