Introduction & Guiding Principles
Oklahoma State University views electronic commerce as an additional outlet for contact with future alumni, faculty, staff, and the general public. OSU encourages Colleges and auxiliary departments to utilize electronic commerce as a component of current business functions and interactions.
Using credit cards or debit cards is a common and widely accepted practice of conducting payment transactions. Oklahoma State University permits departments within the University to establish themselves as credit card merchants to more fully participate in e-commerce at OSU.
The purpose of this policy is to establish guidelines and minimum requirements to be followed when accepting e-Commerce payments, specifically credit and debit card payments.
The Office of the Associate Vice President for Administration and Finance will have oversight responsibility for institutional provisions that define electronic commerce, e-Commerce standards and procedures, and enforcement of payment card industry data security standards at Oklahoma State University.
Business transactions conducted over electronic means. This usually means the internet, but can include any electronic interaction, including automated phone banks, touch screen kiosks, and even ATMs. Transactions can include debit/credit cards (historically the primary method of e-Commerce payment), but also include any electronic transfer of funds via ACH.
2.02 Payment Card Industry Data Security Standard [PCI DSS]
A consolidated standard from the major credit card issuers detailing merchant requirements when accepting credit/debit cards. The requirements include network, security (physical/logical), and monitoring components, among others.
2.03 Cardholder Data
Cardholder data is any personally identifiable information associated with a user of a credit/debit card. Primary account number [PAN], name, expiration date, and card verification value 2 [CVV2] are included in this definition.
This policy applies to all University departments, employees, authorized vendors, consultants, and other individuals associated with the University wishing to conduct e-Commerce via any and all media and delivery mechanisms.
Individual units within the University may define 'conditions of use' for information resources under their control. These statements must be consistent with this overall policy, but may provide additional detail, guidelines, and/or restrictions. Such policies may not relax or subtract from this policy. Where such 'conditions of use' exist, enforcement mechanisms defined therein shall apply. These additional policies will be subject to review and approval by the Office of the Associate Vice President for Administration and Finance.
Any electronic commerce associated with Oklahoma State University must have a basis in the University mission. Unrelated e-Commerce activity cannot utilize the University network or associated systems. A Payment Card Industry Security Standards Council (PCI SSC) validated Point to Point Encryption (P2PE) solution is required to utilize the University network for payment processing.
Any transaction, system, application, or process associated with e-Commerce (including credit/debit card transactions) will be conducted in compliance with the PCI DSS and OSU standards and procedures for e-Commerce, and will retain ongoing approval of the Office of the Associate Vice President for Administration and Finance.
E-Commerce activity will be conducted within the centralized solutions provided by Oklahoma State University administration unless a written exception is granted by the Office of the Associate Vice President for Administration and Finance.
The merchants grandfathered in at the SAQ-C and SAQ-D levels will hire external assessors to validate compliance with PCI DSS. The department responsible for the merchant will be required to pay for the assessor's report.
Compliance Failure Consequences
Failure to comply with this policy may have the following consequences:
- Revocation of credit card acceptance for the affected unit.
- Fines (up to $500,000.00) assessed to the responsible department or division.
- Legal action by injured parties.
- Prosecution for criminal violations.
Following OSU Policies and Procedures, Oklahoma laws, and applicable federal laws, OSU strives to protect personal privacy and the confidentiality of data. Departments engaging in e-Commerce are responsible for safeguarding confidential information used in the processing of e-Commerce activity.
Cardholder information can never be transmitted unsecured across a network. Transport Layer Security 1.2 [TLS] at the very minimum is required to transmit cardholder data. Emailing unencrypted credit card numbers is never acceptable.
As part of the OSU network, wireless connectivity is available for use in the same manner as a wired network jack. However, special considerations and additional security requirements from a PCI DSS standpoint are necessary when connecting to a wireless network for e-Commerce activities. For these reasons, Oklahoma State University has not authorized the use of any wireless network for e-Commerce activities.
The major regulatory body associated with credit card transactions is the PCI Security Standards Council, which promulgates the rules and regulations OSU adheres to in the credit card environment.
Questions or Comments
Any questions or comments regarding this policy should be directed to:
Office of the Associate VP for Administration & Finance
Stillwater, OK 74078