Skip to main content

Payment Card Industry (PCI) Initiative

PCI Compliance

PCI Compliance is an additional level of security that the University of Wisconsin - Eau Claire provides to its valued students, faculty, staff and patrons.

The University of Wisconsin - Eau Claire and all of its subsidiaries are required to be PCI Compliant per UW System Policy. Additionally to ensure the university remains PCI Compliant, internal audits are performed periodically. For questions or help related to PCI, please contact the PCI Team via their email: PCI-Help@uwec.edu

PCI Compliant
  • Daily - Complete the PCI Device Inspection Worksheet 
  • Monthly - Upload the PCI Device Inspection Worksheet to the PCI Device Inspection eForm
  • Annually - PCI Canvas Training 
    • September - send all student employees/employees who work with credit cards to PCI Compliance Officer (send additional as new employees join your team) - Training MUST be completed by December 15th
      • February - send any new Spring semester student employees who work with credit cards to PCI Compliance Officer - Training MUST be completed by May 15th
  • Annually - SAQ submission in Campus Guard
    • September - log into Campus Guard and complete the SAQ for all your assigned elements
      • DUE by December 15th 
      • Failure to be completed on time may result in the department falling out of compliance and may no longer be able to accept credit cards for any payments
  • Annually - AOC up to date
    • September - verify the Third Party Service Provider that you use has an updated AOC on file
      • Due by December 15th
  • Annually - Update Department Procedures
    • June/July - review your current procedures on file and make any necessary adjustments; submit to PCI Compliance Officer when complete
      • Due by August 31st
  • Annually - Internal Audits
    • Internal Audits will be conducted annually; please be prepared for a member of the PCI team to contact you to set-up a meeting to ask questions
      • Conducted starting in April until complete
  • As Necessary - Updates/Questions/Concerns
    • Updates - contact the PCI Compliance Officer as they occur (department contacts or other updates)
    • Questions - contact the PCI team
    • Concerns - Afraid you may have had a breach?? Contact the PCI team
Group Link Description
General General Campus Folder Link to PCI content in SharePoint site
Application / Device Request PCI Application to Become a Merchant Department e-form

Form to:

  • Initiate request to take credit card payments
  • Order additional credit card readers
  • Order replacement credit card readers
Device Inspection Resources PCI Device Inspection Worksheet Daily inspection worksheet to be printed (if your device does not show up in serial number drop down, add it to the inventory e-form as that periodically is used to update the worksheet’s information)
PCI Device Inspection e-form Inspection form archive (enter serial number to prefill fields – periodically done to manage paper inspection sheets)
Device Inventory Resources PCI Device Inventory e-form Manage/inventory PCI devices (can update by entering the serial number – known data prefills)
Incident Response Process PCI Incident Response Plan Incident Response Plan used to guide incident Response
Internal PCI Audit Internal PCI Audit Questions and Notes List of questions typically asked during an internal PCI Audit
Policies Accepting and processing Payment Cards for University Business - V3.2.1.docx General University Credit Card Processing Policy
PCI Compliance Addendum - V3.2.1.docx Contract addendum to share with Third-Party Service providers
Patch Management Prolicy - V3.2.1.docx General patch management policy
Procedures Payment Device Verification Procedure - V3.2.1.docx Credit card reader verification steps / information
Ratified Department Procedures folder Department specific credit card handling procedures
SAQ Frequently Asked Questions

SAQ frequently asked questions and answers

Third Party Service Provider List

Current list of Third Party Service providers used by the University

CampusGuard Portal (New)

CampusGuard Portal (old)

New portal to enter SAQ information

SAQ portal from last documentation period - Resource to be used as a reference. 

 

Contact Information PCI-Help@uwec.edu

Email account monitored by the PCI Team

* Having trouble accessing these resources, let us know by emailing us at PCI-Help@uwec.edu

PCI Operating Process Tips:

See Something - Say Something - If you observe suspicious activity with regard to payment processing in your area, please report it to your manager and also to the PCI-Compliance officer (email PCI-Help@uwec.edu)


You can have a speed dial set up on your desk phone to streamline and cut down the wait time for the caller when transferring them to your secure phone line. If interested, send the following information to PCI-Help@uwec.edu and we will set this up for you:

  1. The phone extensions where the speed dial is needed,
  2. The specific speed dial(s) position to be configured (# from top down, 1, 2, … etc), and
  3. The cell phone number itself to be called.

PCI Help 

General email - PCI-help@uwec.edu

 

PCI Compliance Officer 

Amanda Brummond - brummoaa@uwec.edu

 

PCI Team

Tom Sulzer - sulzertj@uwec.edu

Dan Drumm - drumm@uwec.edu

Kent Gerberich - gerberik@uwec.edu

Kristin Schumacher - schumakf@uwec.edu

Tammy Brunschmid - brunsct@uwec.edu

Steve Ranis - ranissb@uwec.edu

We want to hear from you

Please enter your name

Please enter a valid email address

Please enter a valid phone number

Please enter a message