Important Information about PCI Compliance at UCSB

The following is important information for each merchant to know about PCI compliance at UCSB:

- UCSB works to ensure that all merchants are 100% PCI compliant as validated on a specific date each year. Merchants must complete their validation by the given date, unless prior arrangements are made with the Coordinator, or will risk having their credit card acceptance privileges suspended or revoked. Non-compliance can also result in fines and other penalties from the card brands and/or our acquiring bank.
- PCI validation is an annual requirement to attest that at a single point in time (the finish date of the validation for that year), a merchant is in compliance with PCI DSS requirements. However, merchants are obligated, as part of the conditions of accepting credit cards, to be compliant at all times (24x7x365). Never make changes to your processing environment (e.g., changing POS security settings, changing terminals, etc.) without considering how the changes might affect PCI compliance, and credit card security in general.
- To comply with PCI DSS, campus merchants must validate their compliance by completing an annual self-assessment questionnaire (SAQ). An online portal is used for easier and more efficient completion of the assessment.
- Each merchant must designate a Primary PCI Contact for each credit card processing environment.
- While each merchant is responsible for completing their own SAQ(s), the Coordinator will provide guidance where possible, and/or will arrange for a quote for facilitated assistance from our QSA at UC-negotiated prices.

Failure to comply with the PCI DSS can result in:

- Large fines and fees assessed by each card brand.
- A loss of reputation and payment card privileges for the University.
- Notifications to all customers affected.
- Additional costly, ongoing PCI DSS reporting requirements.

The non-compliant UCSB department is liable for all costs associated with a data breach. In addition, employees may be subject to disciplinary action or termination (in accordance with Human Resources policies and procedures) if they fail to adhere to the University’s policies and procedures for payment card acceptance or for the mishandling of cardholder data and/or payment card fraud.

Security Awareness Education (SAE) Training Requirements

Each University of California employee is responsible for safeguarding the information assets entrusted to us. The UC Office of the President requires all employees to complete Cyber Security Awareness Training upon hire, and annually thereafter. In addition, every UCSB employee involved with handling cardholder data, including student workers, must complete the PCI DSS Security Awareness Training upon initial hire, and on an annual basis thereafter. To access the training, go to UC Learning Center and enter “PCI” in the Search field. The training takes approximately 30 minutes.

The PCI DSS self-assessment questionnaires (SAQs) are validation tools intended to assist merchants in reporting the results of their PCI DSS self-assessment. Merchants should ensure they meet all the requirements for a particular SAQ before using the SAQ. The correct SAQ will be selected in consultation with the Coordinator, the supplier of the POS system in use, our QSA, and through the Coalfire One portal’s selection wizard.

There are currently eight SAQs covering various processing environments, but except in extraordinary circumstances, UCSB only allows systems that qualify for the following (definitions directly from PCI DSS documentation; a full list of SAQ types and qualifying factors is available on the PCI SSC website):

Card-not-present merchants (e-commerce or mail/telephone-order) that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers, with no electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises.

SAQ-P2PE (preferred for Retail & MO/TO merchants)

Merchants using only standalone, dial-out or cellular terminals with no electronic cardholder data storage.