Payment Card Services Policy: Difference between revisions
Line 49: | Line 49: | ||
== Policy and Procedure Statements == | == Policy and Procedure Statements == | ||
=== | === Payment Card Oversight Committee === | ||
A Payment Card Oversight Committee shall be formed under the authority of Business Affairs with ITS support to provide oversight of all University payment card processing. | |||
Representation on this committee will include but not be limited to: Business Affairs, Internal Audits, and the ITS Office of Information Security. This committee is charged with providing review and advisement concerning: | |||
● Payment Card Services and Solutions | |||
● Changes To Authorized Payment Card Services and Solutions | |||
● Compliance Assessment and Reporting | |||
=== Example policy 2 === | === Example policy 2 === | ||
== Additional References == | == Additional References == |
Revision as of 18:55, 4 August 2015
Policy 503.8
Introduction
1. Appalachian State University requires that campus units be formally authorized to accept payment cards based on their compliance with this policy and related standards.
Scope
2. This policy is binding and applies to all Appalachian State University employees and service providers who transmit or process payment card transactions.
Definitions
Payment Card
- A card that can be used to make a payment for a purchase or in payment of some other obligation.
Customer
- An individual or other entity that makes a payment to the University for goods or services.
ITS
- Means the University’s Information Technology Services.
Merchant
- A campus unit that accepts payment cards as a method of payment.
NCOSC
- Means North Carolina Office of State Controller.
Payment Card Services
- Services that enable a Merchant to accept a transaction payment by use of a customer's payment card.
Payment Card Industry Data Security Standard (PCI DSS)
- A proprietary information security standard developed by the PCI Security Standards Council for organizations that handle cardholder information for the major debit, credit, prepaid, epurse, ATM, and POS cards.
Merchant ID (MID)
- An account established for a campus unit to credit sales amounts and debit processing fees.
Service Providers
- Companies that provide services to campus merchants or other services providers that control or could impact the security of cardholder data.
Primary Account Number
- Payment card number (credit or debit) that identifies the issuer and the particular cardholder account.
Cardholder Data
- Full magnetic stripe from a payment card or the Primary Account Number(PAN) plus any of the following:
- Cardholder name
- Expiration date
- Service Code or other Authentication Data
University
- Appalachian State University
Policy and Procedure Statements
Payment Card Oversight Committee
A Payment Card Oversight Committee shall be formed under the authority of Business Affairs with ITS support to provide oversight of all University payment card processing. Representation on this committee will include but not be limited to: Business Affairs, Internal Audits, and the ITS Office of Information Security. This committee is charged with providing review and advisement concerning: ● Payment Card Services and Solutions ● Changes To Authorized Payment Card Services and Solutions ● Compliance Assessment and Reporting