Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Program: Updated May 1, 2019
University of Minnesota departments that accept payment cards (credit or debit cards) as a form of payment for goods and services are contractually obligated to follow the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is a multifaceted security standard developed and owned by the major payment card companies that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. The standard comprises 12 requirements that are organized in 6 related groups or “control objectives” to protect cardholder data wherever it resides, ensuring that sensitive payment card information is handled safely and a high information security standard is maintained. A copy of the PCI DSS can be found on the Payment Card Industry Security Standards Council (PCI SSC) website.
- University Payment Card Program (pdf)
This document describes how the University complies with the PCI DSS. All units that handle or maintain customers' cardholder data must follow the Payment Card Program.
If your department or unit wishes to accept payment cards (credit or debit) as a method of payment from your customers, you must meet University policy, state and federal laws, contractual obligations, and rules of the University's banks and financial institutions. This includes complying with the PCI DSS. Additional information can be found within the policies and procedures below.
- Policy: Accepting Revenue Via Payment Cards
- Procedure: Managing Payment Card Acceptance
- Procedure: Obtaining Approval to Accept Payment Cards
- Procedure: Requesting Changes to Payment Card Accounts
- Procedure: Closing Payment Card Accounts
- Policy: Information Security
- UM 1609 Payment Card Account (PCA) form
- UM 1623 Employee Non-Disclosure Form
- UM 1624 Department Payment Card Manager Form
- UM 1634 Incident Response and Continuity Plan
- Cardholder Data Flow Charts (zip)
- Payment Card Inventory List (Template)
- Payment Card Manager Compliance Certification form (docx)
- Payment Card Operational Procedures (Template)
- Payment Card Terminal Disposal Form
- Payment Card Terminal Loan Program Application Form
- Payment Card Terminal Order Form
- Payment Card Terminal Inspection Log