Page 35 - Learning and Development SOP Handbook

PCI COMPLIANCE






      Purpose
      The purpose of this process is to establish internal control procedures for our agencies
      to follow when accepting credit/debit card payments over the phone. This procedure is
      necessary to remain in compliance with the Payment Card Industry Data Security Standard
      (PCI DSS) and to protect our agencies and customers from fraud.

      Applicability
      All A-MAX employees who transmit and handle payment card information over the
      phone. The Office Manager will act as an overseer for the location to ensure that the
      phone payment procedures are followed and will report any issues to the corresponding
      department.

      Prerequisites
      None

      Responsibilities
           Agents must ensure that cardholder data is never stored on any computer,
           device, notepad, spreadsheet or sticky note. Shred documents containing sensitive
           cardholder data.
           Agents may process payments through the third-party insurance provider (Insurance
           Website) or Authorized.net, following the PCI DSS compliance standards.
           Agents should never solicit cardholder data by email or fax.
           Audits are conducted to ensure we are in compliance. The DSM and RSM are
           responsible for reviewing the tracker and ensuring their team follows the Over
           the Phone SOP.


  Procedure:

       Electronic Payment with no Afee
     1. Monthly payments that do not include Afee must be posted directly to the customer's
       insurance provider following the PCI compliance process.
     2. If the customer's insurance provider charges a fee to process the credit card payment and
       the customer declines to pay such fees, the agent must process the payment through the
       gTalk portal (Authorized.net) to comply with the PCI DSS standards. Under no
       circumstances should agents write the customer's credit card information on their hand, a
       sticky note or a document.

       Electronic Payment with Afee
     1. Down payments that include Afee must be posted through the gTalk portal (Authorized.net)
       following PCI DSS compliance. Under no circumstances should agents write the
       customer's credit card information on their hand, a sticky note or a document.
     2. An endorsement that includes Afee must be posted through gTalk (Authorized.net) following
       PCI compliance. Under no circumstances should agents write the customer's
       credit card information on their hand, a sticky note or a document.