Payment Card Compliance
University of Minnesota departments that accept payment cards as payment for goods and services are contractually obligated to follow the Payment Card Industry Data Security Standards (PCIDSS). The purpose of these standards is to protect cardholder data wherever it resides - ensuring that merchants and service providers maintain the highest information security standard. A listing of these standards can be found at: PCIDSS Standards.
The process of establishing a payment card merchant account can be found on the University of Minnesota's Policy Library. This process includes incorporation of PCIDSS standards into your business processes as well as selection of the proper method of card acceptance based upon your business need.
- Policy: Accepting Revenue Via Payment Cards
- Procedure: Managing Payment Card Acceptance
- Glossary of terminology (docx)
Self Assessment Questionnaire Training
- SAQ-A training (pptx) July 2012
- SAQ-B training (pptx) July 2012
- SAQ-D training part I (pptx) July 2012
- SAQ-D training part II from OIT (pdf) 2012
Merchants who complete Self-Assessment Questionnaire form D (SAQ-D) are strongly encouraged to watch this user-friendly UM Connect training from OIT Security, videotaped live in 2011.
A guidance template prepared by the Office of Information Technology (OIT) is available on request for merchants using the SAQ-D form. To receive a copy, contact email@example.com or firstname.lastname@example.org using "OIT Guidance Template" in the subject line of the email.