In a guest post for National Cyber Security Month, Glenn Morgan, an IT Security Specialist with the Information Security Office at UNC-Chapel Hill, explains what the Payment Card Industry Security Standards Council is and what the organization is doing to protect cardholder information.
In the early 1900s, when someone asked Willie Sutton why he robbed banks, he said, “Because that’s where the money is.” Nowadays the money is in many ways much easier to get: it’s on your credit card with you! That explains why credit card fraud is such a big deal.
Payment card industry supports security efforts
In recent years, you may have heard of or even experienced credit card fraud. Your card information may have been stolen from T.J.Maxx or Target, or even skimmed at a gas pump or other location. To combat this growing problem, the payment card industry (Visa, MasterCard, American Express and Discover) has banded together to form the Payment Card Industry Security Standards Council (PCI SSC). The focus of PCI SSC is to assist the entire payment card industry in developing, enhancing, disseminating and assisting with the security standards for the card industry.
100+ merchants across campus
At UNC-Chapel Hill, there is a significant focus on compliance. Did you know there are more than 100 merchant accounts across the campus, from bookstores to dining to athletic facilities? These merchants take in a lot of money via credit card transactions. UNC-Chapel Hill takes PCI compliance very seriously, because failing to meet security standards can result in fines and loss of business and reputation. As with any security effort at UNC-Chapel Hill, protecting credit cards is everyone’s job, even the card users’.
The PCI data security standard, also called PCI-DSS, provides the framework for protection of cardholder data. The PCI-DSS provides for technical, physical and procedural protections based on the nature of the card transaction. Card transactions most commonly take place via point-of-sale terminals, web portals and manual entry. These card transactions must be protected. Physical devices that touch the card must be secure and not tampered with. Websites with card entry portals must be properly configured and monitored as well. Even manual records made via swipe are protected. UNC-Chapel Hill business units do a great deal on their part, as do Finance and ITS.
Cardholders need to be vigilant
So, you too can be a valued part of PCI compliance at UNC-Chapel Hill. If your work environment accepts credit cards as payment for goods and services, make sure to visit the UNC Finance site for more detailed information on how to achieve and maintain PCI compliance (you can just go to finance.unc.edu and search for “PCI”). If you are a cardholder, you can also help by keeping an eye out for card readers that appear to be tampered with, or websites with PCI-related data that appear to be insecure or fraudulent!