Vendors focus on security
March 18, 2009
Credit card security has become a concern at universities and Sacramento State is now working with Visa and MasterCard to ensure that vendors on campus are compliant with security policies.
The extra security precautions were prompted after an incident at CSU, Stanislaus, where credit card numbers and cardholder names were stolen in January 2008.
Sac State hasn’t had any security breaches, but if there was a breach, students could have their information stolen when they slide their card on the credit card machine.
To prevent this type of credit card fraud on campus, Visa and MasterCard are working with Sac State to require vendors to comply with the Payment Card Industry’s standards.
The PCI standards were created by the credit card industry to help protect cardholder information, reduce fraud and identify security vulnerabilities.
According to Sac State’s Information Security website, vendors must pass a self-assessment test which checks on managing servers and securing networks to achieve PCI compliance.
Vendors must receive 100 percent on the assessment in order to be PCI-compliant.
The PCI self-assessment is a set of questions that require yes-or-no answers to address issues such as making sure vendors have up-to-date antivirus software installed.
On Thursday, employees from campus departments and program centers attended a training session in the library to ensure compliance with the PCI standard.
Marketing Service Director Celexsy Adame said University Enterprises, Inc., is working closely with the office to make sure vendors are PCI-compliant.
Kristin Olsen from Stanislaus’ Public Affairs Office said there has not been a security breach since the vendors became PCI-compliant.
“The university now requires that all campus vendors demonstrate PCI compliance and also takes appropriate steps to ensure that all external vendors are compliant with the university’s security measures,” Olsen said.
Jeff Williams, Sac State’s Information Security Officer, said there has been an increase of people stealing credit or debit card information on a national level.
He said Sac State has a great network to prevent security breaches, but there is a lot of openness in the university’s computing resources that hackers are attracted to.
Vendors, such as Java City, monitor activity on their networks. If there is a security breach, they then notify the people whose information was stolen from.
Williams said that if hackers collect the credit card numbers and make purchases with them, Visa and MasterCard will be notified where the purchases were made, and may find out who breached the network.
Williams said Sac State’s college departments and merchants such as the Hornet BookStore are compliant.
However, Williams said Information Security sends out surveys to take the PCI assessment periodically because even small programs taking one credit card have to be PCI-compliant.
Catherine Robledo can be reached at [email protected].