
Difference between revisions of "Payment Card Services Policy"

From Appalachian State University Policy Manual

(Cardholder Data)
(Policy and Procedure Statements)
Line 49: Line 49:
 
== Policy and Procedure Statements  ==
 
== Policy and Procedure Statements  ==
  
=== Example policy 1 ===
+
=== Payment Card Oversight Committee ===
  
 +
A Payment Card Oversight Committee shall be formed under the authority of Business Affairs with ITS support to provide oversight of all University payment card processing.
 +
Representation on this committee will include but not be limited to: Business Affairs, Internal Audits, and the ITS ­ Office of Information Security.  This committee is charged with providing review and advisement concerning:
 +
● Payment Card Services and Solutions
 +
● Changes To Authorized Payment Card Services and Solutions
 +
● Compliance Assessment and Reporting
  
=== Example policy 2 ===
 
  
 +
 +
=== Example policy 2 ===
  
 
== Additional References ==
 
== Additional References ==
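Review bot: the "=== Example policy 2 ===" placeholder heading is still present after the new Payment Card Oversight Committee section, so the revision publishes an empty template section as policy item 4.2; remove it or replace it with the next policy statement in the same edit. The three items under "review and advisement concerning:" are typed with a literal "●" rather than wiki list markup, and the rendered revision runs them into the preceding paragraph, so they should be converted to "*" list items.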

Revision as of 18:55, 4 August 2015

Policy 503.8

1 Introduction

1. Appalachian State University requires that campus units be formally authorized to accept payment cards based on their compliance with this policy and related standards.

2 Scope

2. This policy is binding and applies to all Appalachian State University employees and service providers who transmit or process payment card transactions.

3 Definitions

3.1 Payment Card

A card that can be used to make a payment for a purchase or in payment of some other obligation.

3.2 Customer

An individual or other entity that makes a payment to the University for goods or services.

3.3 ITS

Means the University’s Information Technology Services.

3.4 Merchant

A campus unit that accepts payment cards as a method of payment.

3.5 NCOSC

Means North Carolina Office of State Controller.

3.6 Payment Card Services

Services that enable a Merchant to accept a transaction payment by use of a customer's payment card.

3.7 Payment Card Industry Data Security Standard (PCI DSS)

A proprietary information security standard developed by the PCI Security Standards Council for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.

3.8 Merchant ID (MID)

An account established for a campus unit to credit sales amounts and debit processing fees.

3.9 Service Providers

Companies that provide services to campus merchants or other service providers that control or could impact the security of cardholder data.

3.10 Primary Account Number

Payment card number (credit or debit) that identifies the issuer and the particular cardholder account.

3.11 Cardholder Data

Full magnetic stripe from a payment card or the Primary Account Number (PAN) plus any of the following:
Cardholder name
Expiration date
Service Code or other Authentication Data

3.12 University

Appalachian State University

4 Policy and Procedure Statements

4.1 Payment Card Oversight Committee

A Payment Card Oversight Committee shall be formed under the authority of Business Affairs with ITS support to provide oversight of all University payment card processing. Representation on this committee will include but not be limited to: Business Affairs, Internal Audits, and the ITS - Office of Information Security. This committee is charged with providing review and advisement concerning:

● Payment Card Services and Solutions
● Changes To Authorized Payment Card Services and Solutions
● Compliance Assessment and Reporting


4.2 Example policy 2

5 Additional References

6 Authority

7 Contact Information

8 Effective Date

9 Revision Dates