
UC DAVIS: ACCOUNTING & FINANCIAL SERVICES

September 1, 2005

DEANS, DIRECTORS, DEPARTMENT CHAIRS, AND ADMINISTRATIVE OFFICERS

RE: Credit Card Merchant Compliance with Payment Card Industry (PCI) Standards 

All UC Davis units (Davis campus and Health System) must conduct credit card 
transactions in compliance with Payment Card Industry (PCI) standards, operating 
guidelines established by the credit card companies and Policy and Procedure 
Manual Section 330-35. The PCI standards are a set of requirements imposed on 
merchants to safeguard the security of credit cardholder information.

Many units accept credit and debit cards as a form of payment.  While accepting 
credit cards offers convenience to customers, merchants must accept responsibility 
for conducting transactions in a manner that provides for the security of 
cardholder information.  Recent changes in the regulation imposed on merchants 
include significant economic penalty for breach of merchant responsibilities, 
including a fine of up to $500,000.
  
Each merchant that accepts credit cards must demonstrate specific compliance with 
the PCI standards by completing a self-assessment questionnaire administered by 
an authorized third party contracted by the Office of the President, Ambiron 
Trustwave.  In addition, some merchants may be required to submit to network 
scans by Ambiron Trustwave.

Merchants should assess their business practices and network infrastructure against 
the PCI standards, operating guidelines and PPM Section 330-35 to ensure that all 
criteria are met.  Compliance with the PCI criteria must be documented through the 
centralized compliance portal, TrustKeeper, offered by Ambiron Trustwave.  Each 
merchant is required to submit their self-assessment questionnaire responses 
through the TrustKeeper product annually.

For those merchants that are required to submit to a network scan, the scans will 
also be coordinated through the TrustKeeper product. Any merchant that cannot 
demonstrate compliance with PCI standards by September 30, 2005 will be subject 
to the inactivation of the merchant account until compliance can be demonstrated.

If you have any questions, please contact Leslie Beal, Manager-Internal Control, 
at (530) 757-8513 or John Gregg, Director-Controls & Accountability, at (530) 
752-3255.

J. Michael Allred
Associate Vice Chancellor - Finance/Controller

05-088




Modified: 12/14/2006 12:24:46 PM