To: Credit Card Merchants
University Business Managers
From: CERTIFI Committee
Date: February 18, 2013
The University’s credit card policies as well as Payment Card Industry Data Security Standards stipulate that everyone involved in the credit card environment is required to complete PCI training on an annual basis. Since credit card information is considered to be sensitive information, everyone involved in the credit card environment must also complete the ITS Security Awareness Training. These trainings apply not only to those who have access to full credit card numbers, but also to those who have access to truncated credit card numbers that can be found in credit card receipts, payment gateways, and merchant statements. These trainings also apply to IT support/ developers of applications and software that access or process credit card information or interface with credit card payment gateways.
In order to provide education and training about protecting payment card data with the PCI Data Security Standards, an online training portal has been developed with Vigitrust. A guide for registering and using the portal is available on the Finance Training web site at https://finance.unc.edu/services/training/. Two online training courses, PCI Basic 2013 and PCI DSS Comprehensive 2013, are now available at http://pci.vigitrust.com/unc. Please have all individuals in the credit card environment register through this link using their University email address.
The course titled “PCI DSS Comprehensive 2013” should be completed by the following:
- The individual who completes the annual Self-Assessment Questionnaire.
- Individuals who are the IT support of payment applications and software.
- All CERTIFI (Compliant Electronic Receipt Transactions through Innovation and Financial Integrity) committee members.
All others involved in the credit card environment is required to complete the course titled “PCI Basic 2013.”
ITS Security Awareness Training is located at https://its.cloudapps.unc.edu/info_security_awareness_training/.
It is the responsibility of the department’s Credit Card Merchant Contact to make sure that everyone involved in the credit card environment in their area completes the appropriate PCI training course and ITS Security Awareness Training in a timely manner. The deadline for completing the PCI training and ITS Security Awareness Training is March 15, 2013.