PCI DSS - Payment Card Security

The information provided on this page is an overview only. For detailed guidance based on your department’s payment business process, please email the UNH PCI DSS Steering Committee at unh.pcisc@unh.edu. The UNH PCI DSS Steering Committee was established to assist merchants in achieving PCI DSS compliance and reporting compliance status to University governance.

What Is PCI DSS?

  • PCI DSS stands for Payment Card Industry Data Security Standard.
  • The standard is a set of requirements which ensure technical and procedural security in accepting, transmitting and storing payment Card Holder Data (CHD).
  • Payment cards include credit, debit, gift, prepaid, etc. For purposes of complying with the standard, payment cards do not include UNH P-cards or Cat's Cache.
  • The standard is issued and maintained by the PCI Security Standards Council (PCI SSC) and applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit CHD. Complete PCI DSS information can be found at the PCI SSC website.
  • USNH has contracted with CampusGuard, a Qualified Security Assessor, to assist UNH in achieving compliance with the standard.

Who must comply with PCI DSS?

Compliance with the standard is required by the USNH contract with the merchant bank, Wells Fargo, and applies to all USNH institutions. University of New Hampshire departments and employees who offer University services or products for sale and take payment cards as one form of payment must comply with the requirements of PCI DSS. University sellers are termed 'merchants'; the term covers in-person, remote and online sales. Compliance with PCI DSS helps University merchants protect their customers as well as the University itself.

Merchant Responsibilities:

  • Follow UNH and USNH policy to become an approved merchant
  • Be familiar with the UNH Payment Card Industry Data Security Standard Administration Guideline, which should be reviewed at least annually
  • Designate a merchant department responsible person (MDRP) to oversee CHD transactions and personnel
  • Document a departmental PCI DSS policy (models are available) to include at a minimum:
    • CHD handling and security
    • Employee authorization
    • Media control (including electronics)
    • Incident response
    • Lapse tracking
  • Provide and document employee PCI DSS training annually
    • Ensure employees transacting CHD have had a background check
  • Provide dedicated equipment or applications for processing of CHD
    • Fixed or mobile devices incorporating card-swipe or keypad entry which are approved by the PCI SSC
    • Online payment webpages hosted by a PCI DSS compliant service provider
  • Complete a Self-Assessment Questionnaire (SAQ) annually to attest PCI DSS compliance

Employee Responsibilities:

  • Only authorized and trained University employees may accept and handle CHD
  • Authorized employees must have a background check and be trained on the department’s PCI DSS policy
  • Authorized employees must not copy CHD, except as may be defined by policy, and must not leave CHD where non-authorized employees or other persons could view or access the information
  • Non-authorized employees must refuse to accept CHD and instead direct a customer to an authorized employee, a payment application or a payment website
Custom Fields
  • Department: Information Security Services