Virtual Payment Terminal FAQs

Information securityInformation security

Who creates and maintains Virtual Payment Terminals?

University Systems has created the configuration and releases periodic updates as necessary to maintain technical currency.

What is the difference between a Virtual Payment Terminal and a Standard University Systems computer configuration?

A Virtual Payment Terminal is based on a Standard University Systems computer configuration, but adds two additional levels of security:

  1. Data Loss Prevention software: Data loss prevention software helps to manage how confidential information is being used on end-user workstations or by the users of these workstations. It can discover and monitor confidential information and, when required, take actions to protect information from being inappropriately used. For example, it can be used to alert on or prevent an end-user from copying a file containing credit card numbers to a USB flash drive.
  2. Configuration Restrictions: Configuration restrictions prevent changes to the computer that could undermine or compromise the special security configuration that makes it a Virtual Payment Terminal suitable for payment card information processing.

What if a Virtual Payment Terminal's security configuration is too restrictive for normal activities?

A Virtual Payment Terminal prioritizes the secure handling of payment card information above all else. It is expected that using a Virtual Payment Terminal for other purposes will cause issues. For example, online shopping credit card number entry may trigger data loss prevention alerts. This may prove inconvenient for the client.

Can a Virtual Payment Terminal's security configuration be altered to make normal activities more convenient?

Doing so would negate the benefits offered by the Virtual Payment Terminal and therefore put PCI compliance at risk. Instead, a separate computer should be used for normal activities that cannot be satisfactorily conducted on a Virtual Payment Terminal.

What if I cannot dedicate a computer to being a Virtual Payment Terminal?

At this time, a Virtual Payment Terminal is required for handling any 'card not present' payment card transactions.

Can I install other software on a Virtual Payment Terminal?

University Systems assures the configuration of Virtual Payment Terminals. The installation of additional software could pose compatibility issues with the Data Loss Prevention software and Configuration Restrictions. University Systems cannot assure the configuration of a Virtual Payment Terminal if new software is being installed without testing, and it is unsustainable to test all possible software combinations and keep this testing current as new versions as released. Additional, unmanaged software may also risk PCI compliance of the computer as all software must be kept up-to-date.