300.00 Cashier Activity

 
  • Table of Contents
  • 310.00   Introduction
  • 310.10     Location and Hours of Business
  • 310.20  Duties 
  • 320.00   University Petty Cash Fund 
  • 320.10     Purpose
  • 320.20     Exclusions
  • 320.30     Procedures
  • 330.00   Departmental petty Cash and Change Funds 
  • 330.10     Introduction
  • 330.20     Request to Establish a Petty Cash or Change Fund
  • 330.30     Custodian
  • 330.40     Disbursement of the Fund
  • 330.50     Reimbursement of the Fund
  • 330.60     Audit
  • 340.00   Payment of Student Fees
  • 350.00   Deposit of Monies 
  • 350.10     Check Endorsements
  • 350.20     Timely Deposits
  • 350.30     Security
  • 350.40     Income
  • 350.50     Expenditure Abatement
  • 350.60     OSP Deposits
  • 360.00   Processing Gifts and Transfers to MSU 
  • 370.00   MSU Credit Card Merchant Policy 
  • 370.10     Setup
  • 370.20     Security procedures required for safeguarding  customer information
  • 370.21     Receipting Procedures
  • 370.22     General Guidelines
  • 370.23     Refunds
  • 370.30     UBS responsibilities
  • Appendix A  University  Credit Card Merchant Options
  • Application
  • Questionaire
 

310.00 Introduction

The University Business Services’ Office maintains a cashier function for the purpose of receiving monies due Montana State University.

310.10 Location and Hours of Business

A.    Location - The cashiers are located in the MSU UBS Office on the first floor, Montana Hall. Other locations may be designated as required.

B.    Hours of Business - The cashiers conduct normal business activities from 8:30 - 4:30, Monday through Friday. Other hours may be designated for special purposes.

310.20 Duties

The basic duties of the cashiers are as follows:

A.    Make disbursements from the University Petty Cash Fund.

B.    Receive student Payments.

C.    Receive fees, refunds, and various incomes for University departments and projects.

320.00 University Petty Cash Fund

The UBS Office is responsible for the maintenance of a petty cash fund for immediate cash needs of the University.

320.10 Purpose

To provide petty cash to MSU personnel and departments for reimbursement of cash disbursements for supplies and services, such as:

A.    C.O.D. shipments received by the University.

B.    Small purchases (less than $25.00) of supplies from vendors where charge accounts are not feasible or permitted. State and University purchasing regulations must be followed.

320.20 Duties

The University petty cash fund may NOT be used for:

A.    Travel reimbursements to State employees for more than $25.00.

B.    Salary advances or salary payments to State employees.

C.    Purchase of stamps.

320.30 Procedures

Submit Banner Payment Authorization and original receipts on 8-1/2 x 11 sheet of paper to the UBS Office Accounts Payable section.

1.     After the BPA is processed and approved, the Accounts Payable Office will notify the payee to come to the UBS Office to pick up the reimbursement. Only the payee listed on the BPA may pick up the reimbursement.

330.00 Departmental Petty Cash and Change Funds

330.10 Introduction

Petty cash and change funds will be established only in those exceptional cases where a department need is demonstrated.  Use of these funds must be in accordance with the specifics contained on the request for establishment and University purchasing regulations.  Petty cash and change funds are not to be used for cashing personal checks or for personal loans.  Reimbursements to the funds will be made only by Accounts Payable in University Business Services (UBS).

330.20 Request to establish a Petty Cash or Change Fund

A.    Permanent funds will be requested from the State Treasury while small temporary funds are provided by Accounting UBS.

B.    Funds will be established only upon approval by the Director of Accounting.  Request forms are available in the Accounting UBS office or on the UBS web page.

C.    The approved request form is retained by UBS until the funds are returned.  Temporary change fund forms are retained by the cashiers, permanent change fund and petty cash fund requests are retained by UBS Accounting until the funds are returned.

330.30 Custodian

A.    Custody of a petty cash or change fund is not transferable and is to be established with one person, preferably not the same person handling cash transactions.  If the petty cash or change fund is no longer required, the monies must be returned to Accounting UBS.

B.    If a change in custodian is necessary the Internal Auditor must be notified and a Change in Custodian Form must be completed. The original is sent to Accounting UBS.

C.    The custodian of a petty cash or change fund is responsible for insuring that it is used in a legal, authorized manner.  The custodian is also responsible for insuring that funds are adequately safeguarded.  Any discrepancies are to be reported to Accounting UBS.  If shortages are recurring or the fund is not maintained in accordance with established procedures, it will be withdrawn by Accounting UBS.  If the need for the fund ceases to exist, the custodian should return the funds to Accounting UBS.

330.40 Disbursement of the Fund

A.    Individual expenditures are restricted to a maximum of $25.00.

B.    Under no circumstances are expenditures to be made out of petty cash funds for capital items, personal services, or travel.

C.    Expenditure of these funds requires an invoice containing the following:

1.     Date

2.     Vendor

3.     Amount

4.     Description of good or services

If handwritten invoices are used, they should be marked PAID and signed by the vendor.


NOTE: Change funds are to be used exclusively for making change and not for expenditures. If a petty cash fund is required, as well as a change fund, separate requests must be made.

330.50 Reimbursement of the Fund

The University petty cash fund may NOT be used for:

A.    Department submits properly completed BPA with supporting invoices to Accounts Payable UBS.

B.    Accounts Payable UBS issues a check to reimburse the petty cash fund.

C.    The check will be payable to the fund, then endorsed and cashed for the authorized custodian for the UBS cashier.

D.    Reimbursement can be requested as often as needed, refer to MOM 326, IV-V.

330.60 Audit

Institutional Audit & Advisory Services, or Accounting UBS, will conduct unannounced audit reviews of petty cash and change funds as often as considered necessary.  Copies of the findings of these audits will be distributed as appropriate.

340.00 Payment of Student Fees

Students may go to MYINFO and pay their fees on the web by credit card or e-check or they may come to the UBS Cashier’s window and pay their fees by check in the exact amount of the total due. Students may pay with cash, credit cards, or a combination. The University will NOT accept promissory notes, letters of credit, or make arrangements for the charging of fees. See Section 500 for more information on student fees.

350.00 Deposit of Monies

350.10 Check Endorsements

Checks must be endorsed at the time of initial receipt. The format of the endorsement is:
FOR DEPOSIT ONLY DEMAND ACCOUNT-STATE OF MONTANA-MONTANA STATE UNIVERSITY (MSU DEPARTMENT)

Contact the UBS Office for assistance if your department is interested in obtaining a rubber stamp for endorsing checks.

350.20 Timely Deposits

A.    Departments are required to make deposits each day when either of the following situations exist:

1.     accumulated $200 in cash or

2.     accumulated $750 in cash and checks

B.    Departments are required to deposit all cash and checks at least weekly, regardless of the amount collected.

350.30 Security

A.    Collections should be secure at all times.

B.    Cash deposits of $500 or more must be transported to the UBS Cashier’s Office in locked cash bags. All deposits should be carried in an inconspicuous manner, such as inside a sack or backpack, varying the times, and, if possible, the personnel.

C.    Any departments with deposits containing $1000 or more in cash must request an escort from the University Police if located more than one block from Montana Hall.

350.40 Income

Income is generated from sales of goods or services, investment earnings, rents, gifts, donations, etc. Only indexes/accounts permitted income are eligible to receipt incoming funds. The receipt explanation must describe the transaction as income with the proper income object code (5xxxx).

350.50 Expenditure Abatement

A.    An expenditure abatement is the receipt of amounts erroneously expended from the account being credited, i.e., an expenditure correction. By definition, abatements cannot exceed the original expense. The receipt explanation must refer to the original expense and the object code must be the same as the original expense.

B.    Any deposit using an object code 620000 or greater (expenditure abatement) must reference the document that created the expense being abated (i.e. BPA Ixxxxxx).

NOTE: If a department is charging a fee for course materials, rentals, etc., THESE ARE NOT EXPENDITURE ABATEMENTS but are fees requiring Board of Regents approval to be recorded as income. Contact the Director of Student Accounts if you have any questions.

350.60 Office of Sponsored Program (OSP) Deposits

All deposits into OSP accounts (425XXX-429XXX; 4WXXXX) must be reviewed and initialed by OSP before presenting deposits to the UBS Office cashiers.

360.00 Gift Policy and Foundation Payments

A.    Gift Policy – the gift policy can be found under MSU Policy and Procedures manual at /policy/ under the Financial Affairs section entitled ‘Acceptance and Processing of Gifts Policy’.

B.    Foundation Payment

Checks received from the MSU Foundation will generally be reimbursing more than one department on a single check.  When requesting reimbursement from the Foundation a department will supply the appropriate documentation supporting the reimbursement and a completed MSU cashier’s receipt.  If the Foundation payment:

1.     is a reimbursement: the receipt should include the restricted gift index being reimbursed, account 53950- Miscellaneous Restricted Gifts and the activity code 4000FN;

2.     is for services: then the receipt should include the index, the appropriate account code and the 4000FN activity code.

3.     is for scholarships, the check will be receipted into a clearing fund and UBS accounting personnel will process an entry to distribute from the clearing fund into the individual scholarship funds.

The Foundation will send the check with the accompanying receipts to the UBS cashiers.  The cashiers will deposit the check and enter the receipts into Banner and send a copy of the receipt back to the departments.

370.00 MSU Credit Card Merchant Policy

This policy informs current and potential MSU credit card merchants about responsibilities with respect to safeguarding customer data and receipting payments.  This policy presents options available to current and potential MSU credit card merchants.  Additionally, it lists the responsibilities of University Business Services (UBS) office in maintaining effective internal control processes concerning the acceptance of credit card payments and in providing regular training of credit card merchants in proper safeguarding procedures.

Definitions of industry-specific terms used in this document:

Commerce Manager: this is a third party web application that provides a secure payment gateway for processing credit card payments online via a website application.  This is the main university approved and supported payment gateway for departments that want to take credit card payments online.

Customer financial information:  for purposes of this document includes but is not restricted to name, address, credit card number, the card’s expiration date and its security code.

Manual terminal: this is a terminal that has a magnetic strip reader that captures cardholder information when a credit card’s magnetic strip slides past the reader. Generally this is done by sliding the card through a slot on the terminal.  There is also a key pad for entering cardholder information manually.

Merchant department: a department that has been approved to accept and process credit card payments. 

Merchant number: the number assigned to a department which uniquely identifies its credit card transactions.

Secure location: a location that is accessible only to specific MSU personnel with a business need for access.

Virtual terminal: this is a program that is accessed over the internet and enables credit card charges to be input online by the merchant department.

370.10 Setup

Application and Approval

A department wishing to accept credit card payments must complete an application form and forward it to University Business Services for review and approval.  The application can be found on University Business Services Forms web page and in the following Appendix A

There are three approved standard options for taking credit card payments: a webpage, a virtual terminal and a manual terminal.  Information regarding the options can be found in Appendix A along with a questionnaire to assist departments in determining which option will best meet their needs. 

Upon approval of the department’s application, UBS will request a merchant ID # for your department.  See section 370.24 for UBS Responsibilities. 

All equipment must be ordered through the UBS Accounting Office.  The cost of any equipment and supplies will be charged to the merchant department. Upon receiving manual terminal or other equipment, the department must provide model, make, and serial number to UBS. When equipment is replaced the dept is responsible for sending the updated information to UBS.

A department that chooses the virtual terminal option will need to provide contact information so that their departmental personnel can access the secured web site to process payments online.  Additionally, each computer system utilized to process credit card payments must be secure.  A ‘secure’ system is one that has all security software updates installed, has an active virus scanning program set to update and scan daily and that is kept in a secure location with its screen hidden from casual view.

The website option requires more technical assistance for set up and testing.  UBS will assist with coordinating those efforts and work with the merchant department to determine reporting needs and develop a timeline for implementation. 

The merchant department is responsible for all costs associated with the credit card sales set-up and maintenance, including the telephone connection, work order, web payment development and payment processing costs.

370.20 Security Procedures required for safeguarding customer information

Manual Terminal Merchants

  • Access to a manual terminal will be secured and restricted to trained personnel only.
  • Training for all new merchants is provided by the credit card processor and is available to any credit card merchant upon request any time there is a change in personnel.
  • Manual terminal batches are to be closed daily (if there is activity) and a Banner receipt submitted to UBS with the batch tape and the individual receipts for that batch by 11:00 am the following business day.
  • Printed copies of customer financial information are to be handled only by personnel with a business need to know (for refunding purposes).
  • Printed copies of customer financial information are not to be left unattended on desks, in boxes, etc. at any time.
  • Printed copies of customer financial information are to be shredded after the transaction has been successfully processed.
  • Cardholder data is NOT to be stored electronically.

Virtual Terminal Merchants

  • Virtual terminal access to enter credit card payments will be protected by use of secure passwords which will not be shared.  
  • Only trained personnel will be allowed to enter payments through a virtual terminal connection.
  • Training for all new merchants is provided by the credit card processor and is available to any credit card merchant upon request any time there is a change in personnel.
  • Placement of computer terminals is to be done in such a way as to prevent casual viewing by unauthorized personnel.  They are not to be left unattended with customer information still displayed.  All users must log off their computer terminals or lock them when they are away from their work area.
  • The merchant department is responsible for keeping all systems associated with taking payments, secure, and updated with current operating system security patches, virus scan and spyware updates.  This will be verified annually by ITC.
  • Printed copies of customer financial information are not to be left in the open i.e., on desks or in-boxes if they will be left unattended.
  • Printed copies of customer financial information are to be shredded after the transaction has been successfully processed.
  • Cardholder data is NOT to be stored electronically.

Website Merchants

  • The merchant department is responsible for keeping all systems associated with taking payments, secure, and updated with current operating system security patches, virus scan and spyware updates.  This will be verified annually by ITC.
  • For third-party purchased shopping cart web applications, the vendor supplied defaults for system passwords must be deleted or changed.
  • Both MSU developed website applications and purchased web applications should be tested thoroughly before being put into production; this includes testing security as well as functionality.
  • Weekly the merchant department will check security systems and processes.
  • Cardholder data is NOT to be stored electronically.

Training of staff

  • Only trained personnel will be allowed to process credit card payments. Training of new merchant department staff on manual terminals and virtual terminals will be done by the credit card processor. UBS staff will train new departments on the security procedures listed above and how to apply them to their situation.
  • The university merchant departments will be required to attend training provided by UBS staff annually.

370.21 Receipting Procedures

Manual Terminal Merchants

  • At the end of each business day, the end of day batch process must be run to initiate the process to move money from the customer to our bank.
  • The signed copies (the white copy) of the credit card receipts are to be added (double adding machine tapes) using the total net sales per receipt.
  • These copies and calculator tape plus the batch tapes are to be provided to the UBS cashiers with a three part UBS receipt showing the proper index(es) and account code(s) for the deposit.
  • On the face of the receipt, designate that these were credit card sales.  NEVER combine credit sales with deposits of cash and checks.
  • Credit card sales receipts must be provided to the UBS Cashiers by 11 AM of the following workday. It is critical that the UBS receipt prepared by the merchant department be accurate and legible. 

Virtual Terminal Merchant

  • A virtual terminal report should be run at the end of the day which totals that day’s merchant activity and initiates the process to move the money from the customer to our bank.
  • The report should accompany a UBS three part cash receipt form showing the proper Index(es) and Account Code(s) for the deposit. 
  • On the face of the receipt, designate that these were credit card sales.  NEVER combine credit sales with deposits of cash and checks.
  • Credit card sales receipts must be provided to the UBS Cashiers by 11 AM of the following workday. It is critical that the UBS receipt prepared by the merchant department be accurate and legible.

Website Merchant

  • Payments taken via a departmental website using the approved university standard payment gateway will be automatically batched and receipted for the department by UBS. 

370.22 General Guidelines

Certain processes are required to facilitate reconciliation and to keep merchant fee expenses to a minimum.


Manual and Virtual Terminal Merchants
DOs

  • Close batches daily – this can be set up to happen automatically (ask the processor during training) 
  • Submit receipts to UBS cashiers daily by 11 am the day following the activity.  Regardless of the number of transactions, the activity needs to be receipted to UBS the following business day. 
  • Enter as much information as possible into the virtual terminal application or into a manual terminal (if no card present) as possible; address, the security code, expiration date, etc.  Merchant fees for ‘card not present’ transactions can be in excess of 2.5 %; the more information the lower the merchant fee.
  • For both the virtual and manual terminals, a daily processing cut-off time has been established to be 12:00 AM (midnight).  This means that all transactions processed as of midnight that day must be included in the following daily receipt to the UBS Cashiers.
  • MANUAL TERMINAL MERCHANTS - Make sure the credit card receipt only displays the last 4 digits of the card.  If a manual terminal ever prints out the entire card number, please black out what is printed and close out the batch and immediately call the processor to have the terminal reprogrammed.  There should never be a copy of the entire card number on any receipt or batch tape printed from a card swipe terminal.
  • MANUAL TERMINAL MERCHANTS - Make sure that sales personnel get a signed CREDIT CARD SALES TICKET for each sale.  Write the authorization number on the sales ticket. This will help protect you in certain cases of disputed sales.
  • MANUAL TERMINAL MERCHANTS - Treat CREDIT CARD SALES TICKETS signed by customers like cash.  Keep them in a safe, secure location. Shred all copies of any documentation containing customer financial information other then CREDIT CARD SALES TICKETS after the transactions have been completed.  This will protect your customers and MSU against loss or fraud.
  • It is the merchant department’s responsibility to reconcile their credit card payment activity per the daily batch tape, daily report or end of day report, depending on credit card option used, to the amounts reported in their Banner accounts and to initiate action to locate missing deposits.
  • If you have any questions please call the UBS Office at 994-5727.

DON’Ts

  • DO NOT share your virtual terminal user ID and password with anyone.
  • DO NOT EVER advance cash on a credit card transaction.

Website Merchants

  • Keep your website server computer in a secure location.
  • Keep access to your website application program restricted to authorized personnel.
  • It is the department’s responsibility to check their Banner deposits against their website payment application and to follow up with UBS and their third party vendor if there are discrepancies.
  • If you have any questions please call the UBS Office at 994-5727.

370.23 Refunds

Virtual and Manual Terminal Merchants

  • Process the refund via the terminal available.
  • If the refunded amount is over $500.00 please let UBS know.  You do not need to wait until you have sales that equal or exceed the amount of the refund in order to process the refund, as long as you notify UBS in advance if the amount exceeds $500.00

Online Website Merchants

  • Access to the refund process will be provided to an authorized trained individual in the department who will be designated during implementation.  Procedures will be provided to that individual. 

Call the UBS Office if you have any questions at 5727.

370.30 UBS Responsibilities

Setup

  • Request new merchant numbers from processor.
  • Advise departments on the best option for their needs. 
  • Liaise between technical staff and department and gather business requirement information, including reporting requirements, if applicable.
  • Setup users in Commerce manager (for those using the website option), if applicable.

Ongoing Services

  • Maintain a  list of all university credit card merchants’ information which will include:
    • Department information
      • Location of equipment
      • Address
    • Merchant # and association and associated bank account
    • Model of equipment and serial number, if applicable
  • UBS will order all new manual terminals so that they can maintain the above data. 
  • UBS will provide an annual training to all university credit card merchants
    • Address safeguarding procedures and updates
    • Verify above list
    • Collect security certifications
  • UBS will assist merchant departments in investigating any charge backs and work with processor as necessary

Monthly

  • Distribute monthly charges and merchant fees
  • Reconcile bank statements with processor statements
  • Reconcile bank statements to Banner
 

APPENDIX A.

The university approved standard options for departments accepting credit card payments are listed below with the requirements and the advantages of each option.

1.     Website  (appropriate option for a department that anticipates a large number of sales and needs the payment option available at all hours)

1.     Department requirements

1.     Website development

2.     Communication with UBS and ITC

3.     There are additional related costs associated with this option.  Please contact UBS 994-5727.

2.     Advantages 

1.     The department’s website is linked to a university-screened and approved payment processor. 

2.     The customer inputs cardholder information themselves. 

3.     The service is generally available 24/7. 

4.     Revenue is receipted into Banner daily without any intervention from the department. Although reconciling payment reports to Banner is a must.

2.     Virtual terminal (good option for a department that needs to take payments for a limited amount of time for infrequently occurring events.)

1.     Department requirements

1.     Computer with internet access

2.     Department personnel will enter cardholder information directly to the university payment processor via secure website

3.     Department does a daily closeout which submits the transactions to the processor.

4.     Department must submit a UBS receipt to UBS cashiers for each day there is activity.  THIS IS NOT DONE AUTOMATICALLY.

2.     Department MUST adhere to the required security procedures to properly safeguard customer cardholder information.  Refer to the Virtual Terminal Merchants section of Section 370.20 of the Business Procedures Manual, Security procedures for safeguarding customer information.  Such as:

1.     Virtual terminal access to enter credit card payments will be protected by use of secure passwords which will not be shared. 

2.     Only trained personnel will be allowed to enter payments through a virtual terminal connection.

3.     Placement of computer terminals is to be done in such a way as to prevent casual viewing by unauthorized personnel.  They are not to be left unattended with customer information still displayed.  All users must log off their computer terminals or lock them when they are away from their work area.

4.     The merchant department is responsible for keeping all systems associated with taking payments, secure, and updated with current operating system security patches, virus scan and spyware updates.  This will be verified annually by ITC.

5.     Cardholder data is NOT to be stored electronically on any MSU system.

3.     Advantages

1.     Secure encrypted transmission to the processor

2.     Cardholder data is entered directly to our credit card processor 

3.     No upfront equipment cost, no special supplies to purchase

3.     Manual terminal (good option for a department that has a lot of walk in customers that have their card present.  It is a fast and efficient way to process a payment.)

1.     Department requirements

1.     Department personnel must enter cardholder information into the terminal or have the card present so it can be read by the terminal. 

2.     Requires separate dedicated analog phone line

3.     Department must do a daily batch closeout for each day there is activity.

4.     Department must prepare and submit credit card receipts attached to UBS receipts to UBS cashiers for each day there is activity.

5.     Department must purchase the manual terminal

6.     Department must purchase paper supplies for terminal printer

7.     Department MUST adhere to the required security procedures to properly safeguard customer cardholder information.  See Security procedures for safeguarding customer information in Business Procedures section 370.20

2.     Department MUST adhere to the required security procedures to properly safeguard customer cardholder information.  Refer to the Virtual Terminal Merchants section of Section 370.20 of the Business Procedures Manual, Security procedures for safeguarding customer information.  Such as:

1.     Access to a manual terminal will be secured and restricted to trained personnel only.

2.     Manual terminal batches are to be closed daily (if there is activity) and a Banner receipt submitted to UBS with the batch tape and the individual receipts for that batch by 11:00 am the following business day.

3.     Printed copies of customer financial information are to be handled only by personnel with a business need to know (for refunding purposes).

4.     Printed copies of customer financial information are not to be left unattended on desks, in boxes, etc. at any time.

5.     Printed copies of customer financial information are to be shredded after the transaction has been successfully processed.

6.     Cardholder data is never to be stored electronically on any MSU system, ever if password protected.

3.     Advantages

1.     Faster data entry when card is present

2.     Lower merchant fees when card is present

Application:

Application for Authorization to Process Bankcard Transactions

Questionaire

Which type of Credit Card processing best meets your needs?
Complete the following questionnaire to determine which method best meets the needs of your department;

1.     Do you need to be able to take payments online. 24 hours a day?

1.     If yes, then you need a departmental online website application developed and a link to the approved payment processor setup.  If you do not have in house resources to develop your own web page there is capability within the university’s approved process to accommodate a fairly basic ‘online storefront’. 

1.     Processing costs will be higher using this method, however, they could be significantly if not entirely offset in personnel savings.

2.     In addition this process ensures that the transaction batch gets closed and the information transmitted to the banks daily without manual intervention.

3.     The payment gateway is secure and all data is encrypted.

4.     The cardholder information is verified and authorized automatically.

5.     Deposit into Banner is handled in the UBS office via automated report.

2.     Do you need to take numerous payments quickly but not necessarily online?

1.     If yes, then a manual terminal might be the best fit for your circumstances.

1.     Drawbacks are that a manual closeout process needs to be run daily for the information to get to the bank in a timely manner.  If any payments are taken on a day, the terminal needs to be closed out that day.

2.     The terminal needs specific supplies for printed receipts and batch tapes.

3.     The terminal also needs an analog phone line.

4.     Cashier receipts need to be sent to the UBS office daily along with the batch tapes and supporting receipt documentation.

 

3.     Do you only need to take payments occasionally but there is generally urgency in processing the payment?

1.     An online virtual terminal arrangement might be the least expensive and best fit for your department.

1.     Requires department personnel to enter transaction and cardholder data

2.     Requires a receipt to cashier’s office with daily totals

3.     Requires a computer and an internet connection

Montana State University has adopted the Payment Card Industry Data Security Standards. These are:

I. Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor –supplied defaults for system passwords and other security parameters.

II. Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmissions of cardholder data across open, public networks

III. Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update antivirus software.
Requirement 6: Develop and maintain secure systems and application.

IV. Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data to a need-to-know basis
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical access to cardholder data.

V. Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data.
Requirement 11: Regularly test security systems and processes.

VI. Maintain an information security policy
Requirement 12: Maintain a policy that addresses information security.

Table of Contents