PCI Standards
What We Are Doing
SFU needs to ensure that all of our business processes and systems that handle credit card information meet security standards that protect that information. For that reason, a PCI team was formed to ensure that all departments that accept, process, store or transmit credit card data and/or operate point of sale (POS) systems comply with the PCI Data Security Standard (PCI DSS). Our goal is to comply with the standard by April 2010.
Payment Services Resources
Leadership Team
We have a senior level team to provide direction and monitor progress. The team consists of:
- Pat Hibbitts – VP, Finance and Administration
- Bill Krane – AVP, Academic
- Jay Black – Chief Information Officer
- Michael Murdock – Director, Treasury
- Janet Backe – Director, Enterprise Systems and Project Management
Our Approach
We are working on several activities to get to compliance and stay compliant going forward.
- Assessment – finding and reviewing all the business processes and systems handling credit cards
- Remediation – fixing or addressing processes that are not compliant
- Policy – introducing policy direction to ensure that SFU initiatives recognize and follow compliance practices
- Control – establishing steps in our business to ensure that we do not violate or undermine compliance
- Compliance – producing the annual compliance attestation for audit and acceptance
Best Practices
Common Best Practices are as follows:
- Only employees who have a legitimate business authority should have access to cardholder information.
- Only retain credit card information long enough to reconcile payments.
- Never e-mail credit card information.
- Black out the credit card number (the first 12 digits) on any document before making a copy. Shred the original and retain the copy.
- If credit card information is stored online, ensure that the online storage is secured.
- Protect computer networks with firewall and intrusion detection.
- Maintain all OS and antivirus updates.
- Lock computer terminals and paper cabinet areas when unattended.
- Shred documentation containing credit card information when it is no longer needed for business or legal reasons.
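As an added example (not part of SFU's page or its PCI program), a small Python check of the kind a defender might run over outgoing text to catch card numbers before they are e-mailed, and to black them out to the last four digits as the rule above requires. Candidate numbers are validated with the Luhn check so that invoice numbers, dates and phone numbers are not flagged; the sample message is constructed.

```python
import re
from typing import List

# Constructed sample text (not from the page): a message someone might try to e-mail.
SAMPLE_MESSAGE = (
    "Customer paid with card 4111 1111 1111 1111 on 2010-03-02; "
    "invoice 20100302-000018 attached, phone 778-555-0123."
)

# Candidate PANs: 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check that every payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _normalise(match) -> str:
    """Strip separators so the Luhn check sees only digits."""
    return re.sub(r"[ -]", "", match.group())


def find_pans(text: str) -> List[str]:
    """Return the digit strings in text that look like PANs and pass Luhn.
    Other long numbers (invoice ids, dates, phone numbers) are left alone."""
    return [
        _normalise(m)
        for m in PAN_CANDIDATE.finditer(text)
        if luhn_valid(_normalise(m))
    ]


def mask_pans(text: str) -> str:
    """Black out every detected PAN, keeping only its last four digits."""
    def _mask(m) -> str:
        digits = _normalise(m)
        if not luhn_valid(digits):
            return m.group()            # not a card number, keep as written
        return "X" * (len(digits) - 4) + digits[-4:]
    return PAN_CANDIDATE.sub(_mask, text)
```

Because the candidate pattern alone would also match the 14-digit invoice number in the sample, the Luhn step is what keeps the check from producing false positives on ordinary business text.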
Best Practices suggested by PCI DSS official website:
- Skimming Prevention: Overview of the PCI SSC Skimming Prevention
- To protect cardholder data: PCI Storage Do’s and Don’ts
- Myths, facts and explanation: Ten Common Myths of PCI DSS
For more information and updates on best practices, please refer to these fact sheets and the FAQ on the official PCI DSS website.
Contact Us
To contact the SFU PCI team or ask a question, please send an email to pci_info@sfu.ca.
