PCI Compliance and Training

As University payment processors, we share the responsibility of protecting customer data by maintaining Payment Card Industry Data Security Standards (PCI DSS). This means following industry security standards to protect credit card information during payment processing.

Treasury Services is here to provide the guidance and resources you need to keep payments safe and secure.

Get Your Team Trained

Before your department can begin handling payments, all employees must complete required training. Training must be renewed annually and may be reassigned by Treasury Services as needed.

Step 1: Request Training

Use the form below to request training for yourself or your team. Treasury Services will assign the correct training courses in PageUp once this form is submitted.

Cash and Card Handler Authorization Form
Step 2: Complete Training in PageUp

Once trainings have been assigned, they will be accessible through PageUp and must be completed before employees begin processing payments.

Required trainings include:

  • Cash Handling and Safeguarding Non-Public Information
  • Protecting Payment Card Information (PCI)
PageUp Learning Library
Step 3: Stay Current
  • Training must be renewed once per year.
  • Treasury may reassign training at any time if an employee changes roles or responsibilities.
  • Departments should monitor compliance and ensure all employees are up to date.

Responsibilities of Financial Managers

Financial Managers play a key role in protecting the University and its customers by ensuring all payment processing activities meet PCI compliance standards. Below are your primary responsibilities and the resources available to help you succeed.
  • Confirm that all employees and supervisors who handle cash or cards complete required training before processing payments.
  • Conduct regular check-ins with staff to make sure training is current.
  • Only University-trained staff are allowed to accept payments.
    • Exception: The Director of SBO and Treasury may authorize a non-employee to handle cash on a limited basis, provided that the individual completes required training and appropriate internal controls are in place.
  • Financial Managers are responsible for verifying staff assignments and removing untrained staff from payment duties.
  • Each department must have a PCI Standard Manual that documents:
    • How payments are handled
    • Who is authorized
    • Security measures in place
  • Treasury can provide templates and assist with drafting your manual.
  • Departments must inspect credit card devices regularly for tampering.
  • Logs must be maintained and uploaded to Campus Guard.

Why PCI Matters

PCI compliance isn’t just a requirement—it safeguards sensitive customer information and protects the University from financial and reputational harm. Below, learn why PCI matters and what’s at stake if compliance is not maintained.

PCI compliance protects both customers and the University.

  • Backed by industry leaders: Requirements are set by American Express, Discover, MasterCard, and Visa.
  • Standards-driven: The PCI Standards Council develops and manages security rules, ensuring consistent protection of payment data worldwide.
  • Serious responsibility: Compliance safeguards sensitive cardholder information and maintains the University’s reputation and ability to process payments.

Failure to comply can result in severe financial and reputational damage.

  • High fines: Up to $500,000 per incident for breaches when merchants are not PCI compliant.
  • Added obligations: Mandatory written notifications to all affected individuals.
  • Hidden costs:
    • Increased audit requirements
    • Potential suspension of campus-wide credit card activity
    • Printing, postage, and staff time for customer notifications and recovery
    • Lost business during register or store closures
    • Long-term damage to public trust and decreased sales

Additional Assistance

The University’s PCI Compliance and credit card processing is being supported by Arrow Payments. To contact Arrow Payments support team:

  • Email: support@arrowpayment.com
  • Call: (312) 829-1200