Office of Information Security

PCI DSS COMPLIANCE

All university merchant departments accepting credit cards must comply with the Payment Card Industry Data Security Standard (PCI DSS), which is intended to ensure the safe handling of cardholder data.

 

To validate PCI DSS compliance, a self-assessment questionnaire (SAQ) must be completed for each merchant ID assigned by the University's merchant acquirer (e.g., Global Payments). A completed SAQ is required annually. It is the responsibility of the merchant department to complete the questionnaire when due. There are five different versions of the SAQ. The required SAQ for a merchant depends on the manner in which credit cards are processed.

 

| Category | Description | Examples |
| --- | --- | --- |
| SAQ Category A | For card-not-present merchants where all cardholder data functions are out-sourced. There are no face to face transactions. | TouchNet marketplace e-commerce uPay, uStore or Bill+Pay. |
| SAQ Category B | For merchants using imprint or standalone dial-up terminals connected by phone line. There must be no electronic cardholder data storage. | Verifone VX570 connected only to phone line. |
| SAQ Category C | For merchants with payment applications connected to the internet. There must be no electronic data storage and no connection to other systems. | Point-of-sale systems with card present, face to face transactions. Cardholder data environment isolated. Verifone VX570 connected to internet. |
| SAQ Category C-VT | For merchants using only web-based virtual terminal applications. | TouchNet Payment Gateway Single Authorizations or office entry on behalf of others, using self service solutions. |
| SAQ Category D | All other merchants not included above. | Point-of-sale systems with card present, face to face transactions. Cardholder data environment is not isolated from other functions. |

 

To obtain a copy of the SAQs and the PCI DSS, visit this website:

https://www.pcisecuritystandards.org/security_standards/index.php

Before beginning your SAQ, please read the following documents:

PCI Data Security Standards

Instructions and Guidelines provided by the PCI Security Standards Council

 

QUESTIONNAIRE DOWNLOADS (PDF FORMAT)

Self Assessment Questionnaire (SAQ) for Category C-VT

Self Assessment Questionnaire (SAQ) for Category A

Self Assessment Questionnaire (SAQ) for Category B

Self Assessment Questionnaire (SAQ) for Category C

 


16 Central Street Bangor, Maine 04401
Telephone: (207) 973-3201 | Fax: (207) 973-3296
Express Message: (207) 973-3399 | TTY Phone (24 Hours) (207) 973-3262