You are here:
Home > Virtual Terminal > Requirements

Virtual Terminal Requirements

ePayment Virtual Terminal is subject to both UBC and PCI DSS polices and procedures. These polices and procedures apply to all stages and aspects of the payment process, from how you obtain the credit card information to what computer (Virtual Terminal machine) is used to process the payment. You, other Virtual Terminal users within your department/unit, and your IT administrator must adhere to all the polices and procedures at all times.

Procedural:

  • You and all other Virtual Terminal users must attend all required PCI DSS/Virtual Terminal training sessions.
  • You and all other Virtual Terminal users must agree to ePayment Virtual Terminal Terms of Use
  • Credit card information can only be obtained via regular posted mail, paper faxes in a secure location or over the phone. Other methods such as email, voice mail, etc. are NOT permitted.
  • Data security incidents surrounding Virtual Terminal machine(s), credit card information, and so on, must be reported immediately per UBC IT’s Incident Response Plan (IRP).
  • All changes to Sophos settings must be logged and documented by your IT adminstrator
  • All VT machines must be clearly labeled; stickers will be distributed during PCI DSS/Virtual Terminal training sessions or requested from ePayment support.

Security:

  • ePayment Virtual Terminal must be accessed only on Virtual Terminal machine(s).
  • No generic logins permitted on Virtual Terminal machines(s) and the actual Virtual Terminal; everyone must have their own individual login ID.
  • Sharing of Virtual Terminal machines only permitted among trained, authorized Virtual Terminal and trained, authorized non Virtual Terminal users.
  • No electronic storage or transmission of credit card information, ie no emails, digital faxes, spread sheets on a computer, voice mails, etc.
  • Credit card information must be shredded immediately after payment processing (ie you cannot store it for re-occuring payments unless under certain circumstances that must be approved by ePayment Support). It must be a cross-cut shredder which cuts the paper into minute pieces of about 1/4" x 1- a half" in size.
  • Paper storage may be permitted under certain circumstances.

Technical:

  • Virtual Terminal machine(s) must not use wireless.
  • Virtual Terminal machine(s) must not be a laptop.
  • Virtual Terminal machine(s) must not allow remote access (remote desktop).
  • Virtual Terminal machine(s) must have Sophos Endpoint Protection Suite active and running at all times. Note this is not just Sophos Anti-Virus. Sophos must be configured as per PCI DSS requirements
  • Virtual Terminal machine(s) should not have personal software installed (ie anything that is not required for daily operations of your office)
  • You must have a FMS account for ePayment to generate JV entries.
  • External and internal vulnerability scans of the Virtual Terminal machines must be permitted.

PCI DSS

  • You must provide the IPs of each Virtual Terminal machine for vulnerability scans (both internal and external).
  • Each Virtual Terminal machine must be made available for the vulnerability scans.
  • Appropriate firewalls must be opened for the NMC's internal vulnerability scanner.
  • You must provide details on how you are using ePayment Virtual Terminal. If it changes, you will need to inform ePayment Support.
  • You must provide details how you intended to obtain, store, and discard all credit card information.
  • You and your IT adminstrator must comply with all audits required by ePayment Support.
  • You must inform ePayment Support of any staff changes if they are Virtual Terminal users.

A place of mind, The University of British Columbia

UBC Information Technology
6356 Agriculture Road
Vancouver, BC V6T 1Z2,

Emergency Procedures | Accessibility | Contact UBC | © Copyright The University of British Columbia