Merchant Compliance Assessment

Payment Card Industry Data Security Standards

In order to maintain and evaluate compliance efforts, all systems and respective merchant accounts will be assessed annually for compliance. To help merchants understand the assessment process, below are some of the things that may be evaluated during the assessment. Central IT also contributes to the overall compliance of a merchant account through the network, firewall rules, log management, vulnerability scans, encryption, and other things; these processes will be reviewed on an ongoing basis, and their compliance will be attested quarterly. The merchant assessment will be based on system structure and self-assessment questionnaire requirements.

Who will participate in Merchant Assessment?

All system that

Your Merchant PCI Team:
  • Business Unit Director/Manager
  • Operation System Admin
  • Business Service Manager
  • System Admin
  • IT Support Personnel (hardware support)
PCI Assessment Team:
  • PCI Compliance Officer
  • IT System Admin Manager (if server resides at USU)


12 PCI DSS Requirements

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data 
- Managed by Central IT
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
- Managed by Central IT
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security 
- Information Security Policy 558


Questions 

If you have any questions or feel you may have a compliance issue, please do not hesitate to contact Monica Trippler via phone (435) 797-8410 or email.  Monica will be happy to meet with you and address any concerns you may have.