Payment Card Industry Data Security Standards (PCI DSS)
The Payment Card Industry Data Security Council has established Data Security Standards that must be complied with by all entities that accept credit card transactions. These standards include controls for handling and restricting credit card information, and related computer and Internet security. UWF is dedicated to full compliance with PCI DSS.
The University of West Florida accepts online credit card payments as a convenience to our customers. Students may make payments online through their MYUWF account for current charges. UWF accepts Visa, MasterCard or American Express credit card transactions.
Due to the nature of their activities, several departments have been authorized to accept credit card transactions for their specific programs. These departments must follow strict procedures to safeguard and protect the customers' credit card information.
Departments must be authorized by the University Controller in order to collect funds by credit card. To begin this process, the department should discuss the proposed activity with the University Cashiers who can be reached at (850) 474-2120. The Cashiers may be able to accommodate the collections through existing systems or may recommend that the Department submit a Departmental Request for Authorization along with supporting documentation clearly describing the nature and scope of the proposed activity.
Departmental Request for Authorization forms will be reviewed and evaluated by Financial Services and ITS for security issues related to the protection of customer Cardholder Data. Every proposal must assure the protection of Cardholder Data and compliance with the Payment Card Industry Data Security Standards (PCI DSS).
PCI DSS Training and the Credit Card Processor (CCP) Certification Requirement
All UWF employees exposed to the Cardholder Environment, whether accepting payments in person, over the phone or simply exposed to cardholder information, are required to complete the Credit Card Processor (CCP) training and retain a CCP Certification on an annual basis. Please take the appropriate steps provided below:
- Notify Matt Packard, Compliance Officer at email@example.com to be added to the CCP group
- Once added to the CCP group, you will have access to training via your SCOOP page, where you will be required to complete an online PCI DSS Training Module
- After the training is completed, make sure you digitally sign the PCI DSS compliance attestation
- After successful completion of the previous steps, you will receive your official UWF Credit Card Processor Certification--Inclusion in this group allows you to accept payments on behalf of the University, provided you adhere to the UWF PCI DSS Policies
The following personnel may be contacted for questions or further information:
Matthew Packard Compliance Office (850) 857-6070
Procedures, Forms, and Links
The following procedures forms and links are related to credit card transactions:
- Cardholder Data
- Credit Card Document Inventory
- Credit Card Receipt Document
- Credit Card Service Providers with Access to Cardholder Data
- Employee Credit Card Security Training
- Credit Card Security Awareness Training Program
- Departmental Request for Authorization/ Self Assessment
- Departmental Request to Modify Credit Card Collection Activities
- Eliminating Credit Card Numbers from Paper Documents
- Employee Credit Card Security Training
- Paper Document Procedures
- PCI DSS Security Council Resources
- PCI DSS Training Slides
- PCI SSC Skimming Resource Guide
- Skimming Prevention At-a-Glance
- Skimming Prevention for Merchants
- UWF PCI DSS Policies
We strive to provide accurate and useful information in a manner that helps you find what you are looking for. We welcome your feedback related to the utility of this information, any additional information you would like to see on this site, and/or any other suggestions for improvement. Please email us at firstname.lastname@example.org or call (850) 857-6070 with your feedback.