Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Program: Updated July 31, 2018

University of Minnesota departments that accept payment cards (credit or debit cards) as a form of payment for goods and services are contractually obligated to follow the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is a multifaceted security standard developed and owned by the major payment card companies. It includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. The standard comprises 12 requirements organized in 6 related groups, or “control objectives,” to protect cardholder data wherever it resides, ensuring that sensitive payment card information is handled safely and a high information security standard is maintained. A copy of the PCI DSS can be found on the Payment Card Industry Security Standards Council (PCI SSC) website.

A. Complete the Payment Card Manager “Security Awareness Training” videos assigned to you by Accounts Receivable Services. These short (generally about 3 minutes) training videos cover a number of important security topics such as passwords, data security, and encryption. They also provide an excellent overview of the Payment Card Industry Data Security Standard (PCI DSS) and the various data security risks you may be exposed to at work and at home, as well as helpful tips on how to remain compliant in this ever-changing environment.

B. Attend the New Payment Card Manager Training with Accounts Receivable Services. This two-hour meeting is set up by Accounts Receivable Services after your assignment as the Payment Card Manager. It provides an overview of the Payment Card Industry Data Security Standard (PCI DSS), the requirements for University of Minnesota Payment Card Managers, and tips on how to remain compliant and secure in this ever-changing environment.

Getting Started

The process of establishing a payment card merchant account can be found on the University of Minnesota's Policy Library. This process includes incorporation of PCI DSS standards into your business processes as well as selection of the proper method of card acceptance based upon your business need.

Resources

Information about Gramm-Leach-Bliley Act (GLBA)

Information about Red Flags Rule