PAYMENT CARD
Accepting Credit Cards is an option for University of Utah Departments. Payment Card Acceptance is strictly monitored and regulated by the Payment Card Industry Data Security Standard.
PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS), created by major credit card companies, protects cardholder data through 12 requirements covering security policies, procedures, and systems. Educational institutions face high breach risks, with a disproportionate number of incidents compared to other sectors.
Compliance is mandatory for universities, merchants, and banks, with breaches potentially incurring fines up to $500,000. At the University of Utah, PCI DSS compliance enhances data security, streamlines processes, and ensures consistency despite staff turnover.
PCI DSS Principles and Requirements
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Resources
PCI Department Procedure Template
Download PDF
Payment Card Acceptance Policies and Procedures
Visit Page
Ecommerce
Visit Page
Payment Card Forms
New Account Applications
Point of Sale Merchant Application (stand alone terminals/wireless terminals)
Download PDF
Request for Approval to Use a Third Party Vendor
Download PDF
Security
PCI Department Procedure Template
Download PDF
Employee List
Download PDF
PCI Device Inspection Log
Download PDF
WIAN Account Request Form
Download PDF
Miscellaneous
Third Party Vendor Information Sharing Assessment Form
Download PDF
Merchant Account Closure Form
Download PDF
Merchant Account Change Form
Download PDF
Group Training Form
Download PDF