University of Minnesota
Controller's Office
http://controller.umn.edu/
612-624-1617 or controller@umn.edu

Accounts Receivable Services

Payment Card Program

Payment Cards/PCI DSS Standards Compliance

University of Minnesota departments that accept payment cards as payment for goods and services are contractually obligated to follow the Payment Card Industry Data Security Standards (PCI DSS). The purpose of these standards is to protect cardholder data wherever it resides, ensuring that merchants and service providers maintain the highest information security standard. A listing of these standards can be found at: PCI DSS Standards.

Getting Started

The process of establishing a payment card merchant account can be found on the University of Minnesota's Policy Library. This process includes incorporation of PCI DSS standards into your business processes as well as selection of the proper method of card acceptance based upon your business need.

Resources

Training

To maintain compliance with University Policy and PCI DSS, Payment Card Managers are required to be trained upon assignment as a Payment Card Manager and annually thereafter. This training consists of the following:

Required Training upon Assignment as a Payment Card Manager

A.     Complete the Payment Card Manager “Security Awareness Training” videos assigned to you by Accounts Receivable Services.  These short (generally about 3 minutes) training videos cover a number of important security topics such as passwords, data security, and encryption.  They also provide an excellent overview of the Payment Card Industry Data Security Standards (PCI DSS), various data security risks you may be exposed to at work and at home, as well as helpful tips on how to remain compliant in this ever-changing environment. Completion of these videos is required prior to transactions being run.

B.     Attend the New Payment Card Manager Meeting with the University PCI DSS Compliance Analyst.  This two-hour meeting is set up within two weeks of your assignment as the Payment Card Manager, and provides an overview of the Payment Card Industry Data Security Standards (PCI DSS), the requirements for University of Minnesota Payment Card Managers, and tips on how to remain compliant and secure in this ever-changing environment.  At the conclusion of this meeting, all required compliance documentation will be completed and your area will be ready to start processing payment card transactions.  You are required to attend this meeting prior to transactions being run. 

Required Training Annually Thereafter

A.     Complete the Payment Card Manager “Security Awareness Training Videos” assigned to you by Accounts Receivable Services.  These short (generally about 3 minutes) training videos are assigned in June and cover a number of important security topics such as passwords, data security, and encryption.  They also provide an excellent overview of the Payment Card Industry Data Security Standards (PCI DSS), various data security risks you may be exposed to at work and at home, as well as helpful tips on how to remain compliant in this ever-changing environment.

B.     Attend a “Payment Card Manager Training Session”, which is a two-hour class offered by Accounts Receivable Services. This class provides an overview of the Payment Card Industry Data Security Standards (PCI DSS), the requirements for University of Minnesota Payment Card Managers, and tips on how to remain compliant and secure in this ever-changing environment. For available classes, visit the University’s ULearn website and search for “Payment Card Manager Training”.