NOTICE: The Finance Policies and Procedures Manual, along with the previous manual, is undergoing changes. These sites are continually updated to reflect changes in business processes. If you cannot find the information you are seeking in these policies, email financecomm@unc.edu for more information.
Policies and Procedures

Procedure 308.6 – Maintaining Payment Card Industry (PCI) Compliance

Effective
July 1, 2006
Last Updated
July 18, 2011
Responsible University Officer
Executive Director and Information Security Officer
Information Technology Services
University Controller
Responsible Unit
Accounting Services

Procedure Statement

Credit card merchant accounts must be compliant with all applicable Data Security Standards (DSS) for their method of payment acceptance. Maintaining Payment Card Industry (PCI) compliance is a continual process. Several types of DSS exist, and each one that applies to the merchant's method of payment acceptance must be met.

Forms / Instructions

To validate PCI compliance, a credit card merchant account must take the following steps:

1. Contact the Cash Manager in Accounting Services for information on identifying the specific DSS that are required for specific applications:

    • Payment Card Industry Data Security Standards (PCI DSS)
    • Payment Application Data Security Standard (PA DSS)
    • PIN Transaction Standard (PTS)

2. Contact the Cash Manager in Accounting Services for access to TrustKeeper, a compliance validation service. The departmental business contact for the credit card merchant account, as listed on the Merchant Outlet Setup Form, was given access to TrustKeeper when the merchant account was established.

3. Please complete the mandatory PCI online training as detailed in Procedure 308.1 – Establishing a New Credit Card Merchant Account.

Related Data

TrustKeeper Login
PCI Security Standards Council

History

Revised:
July 18, 2010