University of Nebraska Kearney

Departments Handling Credit Card Numbers

Departments who accept payment cards must comply with the Payment Card Industry Data Security Standards (PCIDSS) https://www.pcisecuritystandards.org.  PCI compliance mitigates risk, protects the University from the costs of a breach, and strengthens overall security. When the University complies with the PCIDSS, it not only protects itself, but also its students, employees, alumni and customers.

The requirements for departments include:

• Approval by the Finance Office prior to acceptance of payment cards as a means of payment regardless of the transaction method or technology used (e-commerce, POS device, in person, telephone, fax or mail).
  
   
• Approval by Information Technology Services of all technology implementation to process any payment card transaction including internet payment service providers such as PayPal.
  
   
• Establish department procedures for safeguarding cardholder information and secure storage of data. An updated copy of these procedures signed by the department head must be submitted to the Finance Office annually.
  
   
• Annual security control attestation to assure understanding of the requirements to comply with payment card merchant safeguards. Attestation form provided by the Finance Office.
  
   
• Breach of security reported immediately to ITS at schroederd@unk.edu, Finance Office at purdyj@unk.edu, and Police and Parking Services at hamakerm@unk.edu. If you suspect loss or theft of any materials containing cardholder data, you are required to report the incident as soon as possible. See policy regarding UNK Information Security Incident Reporting at http://www.unk.edu/offices/its.aspx?id=44686.