Annual PCI Requirements

When a university unit accepts payment by credit card for goods or services, that unit must comply with industry standards governing credit card transaction processing, specifically Payment Card Industry Data Security Standards (PCI DSS), which require that units:

 

Self Assessment Questionnaire Portal

Cornell has engaged the Trustwave® TrustKeeper® PCI DSS Certification Program for meeting the Self Assessment Questionnaire (SAQ) component of PCI compliance. All SAQs must be completed by March 31.

Trustwave PCI DSS Certification Program

Requirements for Using the Certification Program

  • You must have a valid user name and password for each block of merchant IDs
  • You must have a company name

Merchant IDs have been loaded into the TrustKeeper system in blocks per an agreement with individual units, which reduces the number of SAQs that are required to be submitted. If you need information on how your unit has been configured, please contact Cash Management.

Resources

  • A TrustKeeper tutorial is available to Cornell staff members who have a NetID
  • The TrustKeeper Hotline is available for help in completing SAQs: (800) 363-1621
  • The Cash Management office is available for help at (607) 254-1590 or cashmanagement@cornell.edu


Annual Awareness Training for Payment Card Industry Data Security Standards (PCI DSS)

Cornell University has contracted with Trustwave to use TrustKeeper to fulfill PCI DSS compliance requirements. Cornell’s Human Resources department has worked with the Treasurer’s office to embed the annual awareness training component of the requirements in the CU Learn portal. This undertaking has provided the following advantages:

  • The use of NetIDs to provide reporting and validation of trainees
  • The incorporation of an attestation of the successful completion and understanding of the elements of safe and compliant handling of sensitive credit card information outlined in the training modules, which provides the institution with documentation and validation of successful completion of this component
  • The ability to send out reminders when it is time to take the test as each new year approaches
  • A centralized repository for all Cornell learners

The training sessions are divided into two categories:

  1. PCI Security Awareness for Associates (PCIAssoc): Those individuals who process, reconcile, or touch in any way any component of credit card transactions.

  2. PCI Training for Managers and Technical Staff (PCIMgr): Those individuals who are not involved in any of the above-named activities, but who manage individuals who do perform these activities, and technical staff who maintain systems related to credit card activity.


Access CU Learn

To learn more about CU Learn and view a tutorial, visit the CU Learn page on the Human Resources Web site.


Register for Training

Once in CU Learn:

  • Search the catalog for "PCI"
  • Click Enroll to the right of the class you need to take (PCIAssoc for associates, or PCIMgr for managers)

Tip: Make sure your browser allows popups for the site before clicking on the launch button. If not, participants will be returned to the search screen. If this happens, click on All Learning, look for the PCI course, allow popups (if not already done) and launch the course.

  • When your course is completed, print a certificate of completion, if desired


Submit Your Attestation of Completed Training

Attestation of Successful Completion of Annual PCI Training

Managers: Treasury must attest to the completion of PCI compliance for Cornell University as one entity. In order to do that, each unit must attest to the functional team that the appropriate staff in their unit has completed the annual training portion of PCI compliance.

  • Complete all annual training by March 31
  • Submit all annual dates for attestations to Cash Management by April 15
