SAMPLE DATA FLOW DIAGRAMS for MERCHANT ENVIRONMENTS


To protect your environment against payment data theft, you first have to understand how you accept payments. What kind of equipment do you use, who are your Processors and other technology service providers, and how do these things all fit together?

Per CU Policy, all CU Merchants must maintain a Data Flow Diagram illustrating the flow of Cardholder Data (CHD) through the CU Merchant's Cardholder Data Environment (CDE). The diagram must begin with where CHD is captured and include all components within the CU Merchant CDE, such as people, POS devices, payment gateways, databases, web servers, and any other necessary payment components.

These sample diagrams will help you get started on building a diagram showing the flow of CHD and all components used through your own Merchant environment, as required by CU Policy.

*These illustrations are examples only and are not all-inclusive. You must successfully investigate and identify all pieces of your environment to ensure proper security is in place.

On the following page, select the type of Environment that best describes your Merchant Environment; you will be taken to the Sample Diagram of your choice. Fill in the diagram details with data specific to your Merchant Environment where indicated in red.

BEFORE YOU BEGIN TO CREATE A NEW DIAGRAM, NOTE THAT ONE MIGHT ALREADY EXIST FOR YOUR ENVIRONMENT. BE SURE TO ASK AROUND, ESPECIALLY YOUR IT DEPARTMENT, TO SEE IF ONE ALREADY EXISTS.

MERCHANT ENVIRONMENTS

Click on the payment channel description below that best describes your specific Merchant Environment.

PAYMENT CHANNEL DESCRIPTIONS:

IN PERSON (CARD PRESENT)
Stand-alone payment terminal connected to dedicated phone line. Payments sent to Processor via dial-up phone line.

IN PERSON (CARD PRESENT)
Handheld payment terminal with cellular connection. Payments sent to Processor via cellular network only.

IN PERSON (CARD PRESENT)
P2PE Solution, connected to Internet. Payments are sent to Processor via Internet.

OVER THE PHONE AND/OR BY MAIL (CARD-NOT-PRESENT)
Merchant uses a stand-alone payment terminal connected to dedicated phone line. Payments are sent to Processor via dial-up phone line.

OVER THE PHONE AND/OR BY MAIL (CARD-NOT-PRESENT)
Merchant uses a P2PE Solution, connected to Internet. Payments are sent to Processor via Internet.

OVER THE PHONE AND/OR BY MAIL (CARD-NOT-PRESENT)
Merchant uses virtual payment terminal accessed via Internet browser to send payments to Processor via Internet.

ONLINE/WEBSITE OVER THE INTERNET (CARD-NOT-PRESENT)
Merchant has a website where cardholders enter their credit card data on Merchant's own managed payment page. Payments are sent to Processor via Internet by Merchant.

ONLINE/WEBSITE OVER THE INTERNET (CARD-NOT-PRESENT)
Merchant has a website where cardholders enter their name and contact info, but are redirected to PCI compliant 3rd party payment page to enter credit card data. Payments are sent to Processor via Internet by 3rd party.

ONLINE/WEBSITE OVER THE INTERNET (CARD-NOT-PRESENT)
Merchant has fully outsourced their website and payment page to a PCI compliant 3rd party. Payments are sent to Processor via Internet by third-party service provider.

IN PERSON (CARD PRESENT)
Stand-alone payment terminal connected to dedicated phone line. Payments sent to Processor via dial-up phone line.

Diagram labels: TERMINAL, PHONE LINE
The payment terminal is connected to Processor by a dedicated dial-up telephone line.
Choose your Processor here:
terminals:
If you have multiple terminals within your Merchant Environment, enter the details for each below.
TID:
TID:
TID:
TID:

IN PERSON (CARD PRESENT)
Handheld payment terminal with cellular connection. Payments sent to Processor via cellular network only.

Diagram labels: TERMINAL, HANDHELD PAYMENT TERMINAL, CELLULAR NETWORK
Choose your Processor here:
terminals:
Payment terminal encrypts card data (for example, using PCI's Secure Reading & Exchange of Data SRED), connects to cellular network
ALWAYS BE SURE TO:

IN PERSON (CARD PRESENT)
P2PE Solution, connected to Internet. Payments are sent to Processor via Internet.

Diagram labels: TERMINAL
terminals:
Obtain diagram provided by P2PE provider.

OVER THE PHONE AND/OR BY MAIL (CARD-NOT-PRESENT)
Merchant uses a stand-alone payment terminal connected to dedicated phone line. Payments are sent to Processor via dial-up phone line.

Diagram labels: TERMINAL, Merchant Authorized User, PHONE LINE
workstations:
Names of all users with access to Terminal
The payment terminal is connected to Processor by a dedicated dial-up telephone line.
ALWAYS BE SURE TO:

OVER THE PHONE AND/OR BY MAIL (CARD-NOT-PRESENT)
Merchant uses a P2PE Solution, connected to Internet. Payments are sent to Processor via Internet.

Diagram labels: TERMINAL
workstations:
Obtain diagram provided by P2PE provider.
ALWAYS BE SURE TO:

OVER THE PHONE AND/OR BY MAIL (CARD-NOT-PRESENT)
Merchant uses Virtual Payment Gateway Terminal accessed via Internet browser to send payments to Processor via Internet.

Gateway:
workstations:
Names of all users with access to Payment Gateway:
Diagram labels: MERCHANT PC, VIRTUAL PAYMENT GATEWAY TERMINAL FROM PCI DSS COMPLIANT PAYMENT, FIREWALL, Citrix Server, INTERNET
ALWAYS BE SURE TO: Use strong passwords

ONLINE/WEBSITE OVER THE INTERNET (CARD-NOT-PRESENT)
Merchant has a website where cardholders enter their credit card data on Merchant's own managed payment page. Payments are sent to Processor via Internet by Merchant.

Select a Payment Gateway:
Homepage URL:
Payment Page URL:
Diagram labels: MERCHANT E-COMMERCE HOME PAGE, MERCHANT SHOPPING CART or REGISTRATION PAGES, MERCHANT PAYMENT PAGE, ROUTER/FIREWALL, INTERNET

ONLINE/WEBSITE OVER THE INTERNET (CARD-NOT-PRESENT)
Merchant has a website where cardholders enter their name and contact info, and are then redirected to PCI compliant 3rd party payment page to enter credit card data. Payments are sent to Processor via Internet by 3rd party.

Select a Payment Gateway:
Enter name of Third Party Service Provider:
Homepage URL:
Payment Page URL:
Diagram labels: MERCHANT E-COMMERCE HOME PAGE, MERCHANT SHOPPING CART or REGISTRATION PAGES, THIRD-PARTY PAYMENT PAGE, THIRD-PARTY WEB SITE, ROUTER/FIREWALL, INTERNET

ONLINE/WEBSITE OVER THE INTERNET (CARD-NOT-PRESENT)
Merchant has fully outsourced their website and payment page to a PCI compliant 3rd party. Payments are sent to Processor via Internet by third-party service provider.

Select a Payment Gateway:
Enter name of Third Party Service Provider:
Homepage URL:
Payment Page URL:
Obtain diagram provided by your Third-Party Service Provider.