Payment Card Industry (PCI) Compliance

UMB is committed to protecting the privacy of students, faculty, staff, and community members engaged in payment card transactions. Payment card security is critical to protecting the confidentiality of information when processing payments. UMB has developed policies and procedures to guide UMB employees in complying with the Payment Card Industry Data Security Standard (PCI DSS).

View the presentation dated April 13, 2021 here.

What is PCI Compliance?

PCI DSS is a mandated set of security requirements agreed upon by major credit card companies. These requirements apply to all payment card transactions and to the merchants/organizations that accept these cards as forms of payment.

Do I have to comply?

Individuals with responsibilities, authority, and stewardship over payment card transactions are required to comply with applicable federal, state, University System of Maryland (USM), and UMB regulations, policies, and procedures. This Procedure establishes requirements and procedures for the security and protection of Cardholder Data (CHD).

How do I comply?

  • Read and follow the UMB PCI Policy and Procedure
  • Read and follow departmental PCI procedures (sample template)
  • Complete the annual training
  • Complete and submit an annual attestation (PCI DSS Self-Assessment Questionnaire)
  • Report PCI-related incidents as described in the UMB Procedure and departmental procedures

Incident Reporting: