UMB is committed to protecting the privacy of students, faculty, staff, and community members engaged in payment card transactions.  Payment card security is critical to protect the confidentiality of information when processing payments.  UMB has developed policies and procedures to guide UMB employees in compliance with payment card industry data security standards (DSS).

PCI DSS is a mandated set of security requirements agreed upon by major credit card companies. These requirements apply to all payment card transactions and to the merchants/organizations that accept these cards as forms of payment.

Individuals with responsibilities, authority, and stewardship over payment card transactions are required to comply with applicable federal, state, University System of Maryland (USM), and UMB regulations, policies, and procedures.  This Procedure establishes requirements and procedures for the security and protection of Cardholder Data (CHD).

• Read and follow the UMB PCI Policy and Procedure
• Read and follow departmental PCI procedures (sample template)
• Complete the annual training
• Complete and submit an annual attestation (PCI DSS Self-Assessment Questionnaire)
• Report PCI related incidents as described in the UMB Procedure and departmental procedures

• Immediately notify the employee’s supervisor and the Operational Unit PCI Coordinator
• Email DL-CITSPCICompliance@umaryland.edu
• If fraud is suspected contact Change Management and Advisory Services.
• If the suspected activity involves computers (hacking, unauthorized access, etc.), also contact the Operational Unit’s IT support team and immediately notify the Center of Information Technology Services (CITS)
• UMB Incident Response Policy

• PCI Security Standards Council
• Guide to Safe Payments
• Skimming Prevention: Best Practices for Merchants
• How to establish a UMB merchant bank account
• CampusGuard Portal