USU and Payment Card News
REDUCING PCI SCOPE
As of May 1, 2016, all devices being purchased, when possible, must include P2PE solution to reduce PCI Scope.
What conversations have you had with your vendor about reducing your PCI scope? Leveraging new technology, P2PE, End to End Encryption, or Direct to Gateway, can help reduce your PCI scope.
EMV LIABILITY CHANGE
As of May 1, 2016 USU requires all new devices to include an EMV component.
Read more: EMV Liability Change
CREDIT CARD POLICY CHANGE
As of May 1, 2015, USU's Credit Card Handling Policy was retired and Utah State University Cash Handling Policy #530 was implemented. Cash is defined in this policy, which includes credit card payments. Please note that merchants will need to submit their cash handling procedures to Treasury Services. The PCI Compliance Officer will assess Cash and Credit Card Handling as part of the annual merchant assessment.
TWO FACTOR AUTHENTICATION
All credit card systems requires Duo, our two-factor authentication process for system admins, back end users accessing the server environment, and remote access users. The Information Security Office has purchased your user licenses. Please email or call Matt Lorimer to implement this process.
Contact: firstname.lastname@example.org, ext. 7-4242
PCI SECURITY TRAINING
USU employee who have access to cardholder data needs to participate in the Cash Handling training. This training is required annually. New hires have to participate in training prior to them recieving their credentials. Link to Cash and Credit Card Handling training.
With changes to the PCI DSS 3.0 requirements, USU has decided that we will no longer be accepting credit card payments in paper form as of June 30, 2015. Please adjust your conference registration, fundraising, and any communication out to your customers to reflect this. All sales must be directly entered into a Point-of-Sale device or an e-commerce website to process payments.