The Payment Card Industry (PCI) Security Standards Council (SSC) is an open global forum launched in 2006 by the major payment card associations (MasterCard, Visa, American Express, and Japan Credit Bureau) to establish a unified set of standards for securely processing, storing, and transmitting payment card information. To protect its customers, the PCI SSC has implemented the PCI Data Security Standards as a security requirement for all merchants and service providers to safeguard sensitive data for all card brands. In order to meet these PCI compliance requirements, the Office of Financial Affairs & Administration has been designated as the central authority for oversight of all UAB payment card processing and related PCI compliance activities, and has partnered with the Office of Information Technology to assist in aligning appropriate technical compliance strategies.
As a result, the UAB PCI Compliance Committee has developed central policies and procedures to provide the functionality and security required to manage various types of transactions at UAB, including web-based and/or traditional processes. Departments desiring to accept payment cards as a form of payment should review the content of this PCI Compliance Support site, or contact the office of the Chief Financial Officer to discuss their business need. All UAB payment card merchants (departments/units) who are approved for accepting payment cards must comply with all UAB and PCI DSS policies, procedures, and standards described on this website.
Getting Started with PCI Compliance
Payment Card Processing and Security Policy – Establishes a campus wide requirement for campus merchants to meet and maintain compliance requirements established in the PCI DSS.
Payment Card Privacy Statement – Explains UAB’s intent to securely maintain the privacy of all payment card customers.
PCI Entity Account Request Form – The Office of the CFO is the UAB focal point for handling the PCI Entity approval and registration process. In order to be granted payment card processing authorization, UAB PCI Entities must complete the approval and registration process with the Office of the CFO, which includes requesting and completing a PCI Entity Payment Card Account Request Form. A valid business reason is required for approval to move forward in the process.
In order to complete the payment card account request and be issued a merchant account ID, Entities must complete the following steps:
- Obtain approval signatures on the request form by the Department Head and the Dean or Associate Vice President.
- Obtain approval from the Office of the CFO.
- PCI Entity to complete SAQ (Self-Assessment Questionnaire), Business Process and other required PCI documentation.
- PCI Entity Account Request Form
For questions relating to how to complete the requirements outlined above, refer to The PCI Entity Handbook or call (205) 934-5121.
PCI Compliance Training
Financial Affairs has updated the PCI training course. The course provides valuable information regarding protection of credit card data as it relates to payment processing at UAB.
It is required for everyone involved in processing credit card payments across UAB Campus and Hospital. To enroll in the course, contact Financial Affairs at 934-5121.