Payment Card Compliance 鈥� PCI

University groups, organizations and departments that want to accept credit card payments need to contact the Credit Card Acceptance Team at ccat@uwm.edu.

All groups, organizations, and departments at 51猎奇 that accept credit card are required to participate in mandator Payment Card compliance activities. These activities include:

Annual completion of a Self Assessment Questionnaire every academic / fiscal year
Participation in in-person assessments of your environment by the 51猎奇 designated PCI Compliance Analyst
Completion of mandatory, annual training in payment card acceptance best practices
Maintaining documentation at the group, organization, and department level of employees who have participated in the annual training, with the ability to produce to the PCI Compliance Analyst upon request
In some instances, maintaining relationships with third party vendors for departmental specific payment applications, to receive compliance documentation from the vendors (AOCs, etc)
Review annually the University Policies and Procedures related to the PCI compliance environment
Maintain accurate lists of individuals within your organization directly involved in the credit card processing environment
Review and submit annual Service Level Agreement to the Controller鈥檚 Office

Merchants must determine the method or application they wish to accept credit card payments through. If it is a solution that 51猎奇 currently doesn鈥檛 use, adequate research needs to be performed by the PCI Compliance Analyst to determine the appropriateness of the application for our environment, in an effort to reduce compliance costs, and most importantly, reduce the risk for 51猎奇.

Contact the Credit Card Acceptance team with a statement of interest to accept credit card transactions. All merchants must be approved by the Controller鈥檚 Office. Email: ccat@uwm.edu
Complete and return the Merchant Card Application
Complete the Service Level Agreement
Identify and coordinate with a project manager with your university group to manage the implementation
Determine the technology you will require
Review the current Policy and Procedures for University Information Security and the Credit Card Operating Regulations

Policies and Procedures have not been updated as we are waiting for PCI DSS 4.0. Below are the most recent Policies and Procedures, approved by the Credit Card Acceptance Committee and the PCI Policy and Procedure workgroup. You are required to review annually and verify with the PCI Compliance Analyst or Controller鈥檚 Office.

The most relevant Policies and Procedures to our current environment are:

Historical Policies and Procedures are:

Merchant Application (MID) 鈥� US Bank merchant application

鈥� Service Level Agreement between the department/unit and Controller鈥檚 Office

鈥� internal 51猎奇 Operating Principles and Responsibilities for accepting credit card activity

鈥� Service Level Agreement between the department/unit and Controller鈥檚 Office

51猎奇 Credit Card Acceptance Committee Team Charter 鈥� Under Review

鈥� Definitions of terms according to the PCI Security Standards Council

For 51猎奇 Employee MANDATORY Cashier鈥檚 Training, please click on the following link: