1
Handling Customer Credit Cards Safely
  • Requirements for Northern Virginia Community College Staff
2
Use Common Sense on Your Computer
  • Do not use vendor-supplied defaults for system passwords.
  • Make sure antivirus software definitions are always up to date.
  • Never share your ID or password—everyone must use their own.
  • Keep software patches up to date.
  • Don’t let strangers use your computer.
3
Physically Protect Cardholder Data
  • Make sure stored cardholder data is physically well protected.
  • Restrict access to cardholder data to only those who have a legitimate need to know.
  • Restrict physical access to stored cardholder data.
  • Encrypt transmission of cardholder data.
  • LOCK IT UP or Do Not Save it At All.
4
  • Be sure management approves all movement of sensitive data before it is removed from a secure area.
  • Exercise strict control over access to any storage area with cardholder data.
  • Destroy cardholder data as soon as it is no longer needed.
  • Cross-cut, incinerate or pulp hardcopy materials.
5
Restrict Access by Others
  • Outside vendors should access the system only during specified times and when specifically requested.
  • Restrict access to computers by cleaning crews or other outside employees.
  • NEVER leave printouts with cardholder data unlocked and unattended.
6
Things You NEVER Should Do
  • Do not store the full contents of any track from the magnetic strip on the back of the card.
  • Do not store the card-validation code or value (three- or four-digit number).
  • Do not store the PIN or encrypted PIN block.
  • NEVER store data on a USB device, CD, or disk.
  • NEVER print the entire card number.
7
Use the Web Carefully
  • Always be sure to use SSL when sending cardholder data over the Web (look for https and the lock symbol).
  • Never send card numbers through email.
  • Close your browser when not at your desk.
  • Turn off your computer overnight.


8
Special Concerns Working from Home
  • When using home PCs, keep antivirus and software patches up to date.
  • NEVER store cardholder data on a home PC.
  • NEVER store cardholder data on a USB device, CD or DVD.
  • NEVER print cardholder data at home.
  • Print to a file on the server, not to a remote printer where sensitive data may be exposed.
9
  • Always use your home PC as a terminal with the files left on a college server.
  • When finished working at home, clear “Temporary Internet Files” from your browser.
  • NEVER save your password on your home PC, even if it makes it easier to log in.


10
Protecting Cardholder Data is everyone’s number one job
  • Use common sense on your computer.
  • Physically protect cardholder data.
  • Restrict access by others.
  • Know things you should never do.
  • Use the Web carefully.
  • Use special care when working from home.