PCI Compliance Verification

PCI Compliance verification for spring 2026 has begun.  All departments accepting payment cards as a form of payment must comply with specific PCI DSS requirements.    As part of the requirements, each year, merchant departments must complete and/or review and update the following information.

1. PCI DSS Department Procedure:  Outlines how the department processes payment cards.  Provides step by step instructions on best practices and how to maintain security for all merchants.
2. PCI DSS Employee List:  Documents employees with payment card responsibilities and when they have completed the online training.  Includes hire and terminations dates. Terminated employees should remain on the list for 2 assessment cycles.
3. PCI DSS Training:  Completed annually by each employee with payment card processing responsibilities, including supervisors, and account managers. 

• eCommerce with stand-alone terminals and/or POS Devices:  Individuals working with Stand-alone Terminals and/or POS Devices are required to complete the PCI Credit Card Compliance Learning Module located in SAP Successfactors annually.
• eCommerce Only:  If you only have eCommerce accounts through Marketplace (no stand-alone terminals or POS devices), you will be asked to sign a PCI DSS Compliance document annually.  This serves as PCI DSS training, and an acknowledgement that you will follow the processes for eCommerce accounts.

4.  PCI DSS Device Inspection Log: Completed monthly on all devices capable of swiping or dipping a payment card. Devices are inspected for evidence of physical tampering.

Beginning this spring, these documents will be collected using the Dynamic Forms Exchange (DFE).   First, managers will receive an email with a link to the 2026 DFE form.  Click the link, complete, and submit your form.  Once the form has been submitted, the  Attestation of Compliance will be sent for signature, via Adobe Sign.