
Card Handling PCI Policy 2022


Our Card Handling PCI policy details the requirements that The Watches of Switzerland Group must meet when dealing with client cardholder data. It ensures that we comply with rules laid out by the Payment Card Industry Security Standards Council, a body created by the major card providers including Visa, Mastercard and AMEX. These rules form the Payment Card Industry Data Security Standard, an information security standard for organisations that handle branded credit cards from the major card schemes. The Standard was created to reduce credit card fraud. Compliance with the standard is audited regularly and must be maintained to protect ourselves and our clients from potential fraud and to avoid the risk of significant fines.


Our Card Handling PCI policy describes how we need to manage client credit and debit card data and also details the daily checks that must be carried out for payment terminals (PEDs). The full policy can be found in the IT Policies section of Policies & Procedures on ONE.


Who and What Does the Policy Apply to?

The policy applies to all employees, contractors, consultants, temporary and other workers at The Watches of Switzerland Group and applies to all uses of cardholder information whether in electronic or paper form.

What is Cardholder Data?

The following information is classified as sensitive cardholder data according to PCI scheme rules and as such must be protected whilst being used.


Under PCI rules, exposure to sensitive cardholder data should be kept to a minimum. Information for processing a client transaction should only be used for authorisation processing and should not be retained or stored after this.


The PIN Entry Device (PED) terminals in every store are sensitive devices that ensure safe handling of cardholder data. Under no circumstances should you attempt to tamper with or change the operation of the installed PED. All installations and maintenance of the PEDs should be completed by members of The Watches of Switzerland Group IT Team only. If in doubt about a device or an installer, please seek authentication from the IT Service Desk.

PIN Entry Devices (PED)


If you notice any suspicious activity or changes to the installed PED, notify the IT Service Desk immediately. The PEDs should be checked daily as part of End of Day procedures. Any signs of tampering, changes to the operation or appearance of the PED, or a PED serial number that does not match that on your EOD paperwork, should be reported immediately to the IT Service Desk.


To Prevent Unauthorised Access to the Device:

  • Keep WiFi payment terminals out of reach of clients whenever possible
  • Beware of distraction techniques that lead to the PED being left unattended with a client
  • If someone loiters near a PED terminal, bring them away from the device while you talk to them
