Payment Card Industry (PCI) Initiative
PCI Compliance
PCI Compliance is an additional level of security that the University of Wisconsin - Eau Claire provides to its valued students, faculty, staff and patrons.
The University of Wisconsin - Eau Claire and all of its subsidiaries are required to be PCI Compliant per UW System Policy. Additionally to ensure the university remains PCI Compliant, internal audits are performed periodically. For questions or help related to PCI, please contact the PCI Team via their email: PCI-Help@uwec.edu
PCI Department Responsibilities
- Daily - Complete the PCI Device Inspection Worksheet
- Monthly - Upload the PCI Device Inspection Worksheet to the PCI Device Inspection eForm
- Annually - PCI Canvas Training
- September - send all student employees/employees who work with credit cards to PCI Compliance Officer (send additional as new employees join your team) - Training MUST be completed by December 15th
- February - send any new Spring semester student employees who work with credit cards to PCI Compliance Officer - Training MUST be completed by May 15th
- September - send all student employees/employees who work with credit cards to PCI Compliance Officer (send additional as new employees join your team) - Training MUST be completed by December 15th
- Annually - SAQ submission in Campus Guard
- September - log into Campus Guard and complete the SAQ for all your assigned elements
- DUE by December 15th
- Failure to be completed on time may result in the department falling out of compliance and may no longer be able to accept credit cards for any payments
- September - log into Campus Guard and complete the SAQ for all your assigned elements
- Annually - AOC up to date
- September - verify the Third Party Service Provider that you use has an updated AOC on file
- Due by December 15th
- September - verify the Third Party Service Provider that you use has an updated AOC on file
- Annually - Update Department Procedures
- June/July - review your current procedures on file and make any necessary adjustments; submit to PCI Compliance Officer when complete
- Due by August 31st
- June/July - review your current procedures on file and make any necessary adjustments; submit to PCI Compliance Officer when complete
- Annually - Internal Audits
- Internal Audits will be conducted annually; please be prepared for a member of the PCI team to contact you to set-up a meeting to ask questions
- Conducted starting in April until complete
- Internal Audits will be conducted annually; please be prepared for a member of the PCI team to contact you to set-up a meeting to ask questions
- As Necessary - Updates/Questions/Concerns
- Updates - contact the PCI Compliance Officer as they occur (department contacts or other updates)
- Questions - contact the PCI team
- Concerns - Afraid you may have had a breach?? Contact the PCI team
Internal Resources
| Group | Link | Description |
| General | General Campus Folder | Link to PCI content in SharePoint site |
| Application / Device Request | PCI Application to Become a Merchant Department e-form |
Form to:
|
| Device Inspection Resources | PCI Device Inspection Worksheet | Daily inspection worksheet to be printed (if your device does not show up in serial number drop down, add it to the inventory e-form as that periodically is used to update the worksheet’s information) |
| PCI Device Inspection e-form | Inspection form archive (enter serial number to prefill fields – periodically done to manage paper inspection sheets) | |
| Device Inventory Resources | PCI Device Inventory e-form | Manage/inventory PCI devices (can update by entering the serial number – known data prefills) |
| Incident Response Process | PCI Incident Response Plan | Incident Response Plan used to guide incident Response |
| Internal PCI Audit | Internal PCI Audit Questions and Notes | List of questions typically asked during an internal PCI Audit |
| Policies | Accepting and processing Payment Cards for University Business - V3.2.1.docx | General University Credit Card Processing Policy |
| PCI Compliance Addendum - V3.2.1.docx | Contract addendum to share with Third-Party Service providers | |
| Patch Management Prolicy - V3.2.1.docx | General patch management policy | |
| Procedures | Payment Device Verification Procedure - V3.2.1.docx | Credit card reader verification steps / information |
| Ratified Department Procedures folder | Department specific credit card handling procedures | |
| SAQ | Frequently Asked Questions |
SAQ frequently asked questions and answers |
| Third Party Service Provider List |
Current list of Third Party Service providers used by the University |
|
|
New portal to enter SAQ information SAQ portal from last documentation period - Resource to be used as a reference. |
||
|
|
||
| Contact Information | PCI-Help@uwec.edu |
Email account monitored by the PCI Team |
* Having trouble accessing these resources, let us know by emailing us at PCI-Help@uwec.edu
PCI Updates
PCI Operating Process Tips:
See Something - Say Something - If you observe suspicious activity with regard to payment processing in your area, please report it to your manager and also to the PCI-Compliance officer (email PCI-Help@uwec.edu)
You can have a speed dial set up on your desk phone to streamline and cut down the wait time for the caller when transferring them to your secure phone line. If interested, send the following information to PCI-Help@uwec.edu and we will set this up for you:
- The phone extensions where the speed dial is needed,
- The specific speed dial(s) position to be configured (# from top down, 1, 2, … etc), and
- The cell phone number itself to be called.
PCI Fun Facts
PCI Contacts
PCI Help
General email - PCI-help@uwec.edu
PCI Compliance Officer
Amanda Brummond - brummoaa@uwec.edu
PCI Team
Tom Sulzer - sulzertj@uwec.edu
Dan Drumm - drumm@uwec.edu
Kent Gerberich - gerberik@uwec.edu
Kristin Schumacher - schumakf@uwec.edu
Tammy Brunschmid - brunsct@uwec.edu
Steve Ranis - ranissb@uwec.edu