In order to reduce risks associated with the Payment Card Industry Data Security Standard (PCI DSS), any department or organization at the University of Tennessee or the University of Tennessee Foundation with a Merchant ID for credit card processing must now take part in PCI security training. This training is part of the University’s formal PCI security awareness program, which is required by PCI DSS as well as by UT policy FI0311 – Credit Card Processing.

Handouts, slides, and links to other resources can be found below.

Training Presentations

  • PCI-Training (new survey posted 1/2/2018: presentation will open in a new window)

Merchant Documentation Templates

PCI Inventory Log (downloadable Excel document)

Security Awareness Information

2016 PCI Credit Card Security Flyer

2016 PCI DSS Handout

Insight From VISA To Keep Your POS Equipment Secure

PCI and What Not to Store

PCI Standards and Procedures for UT/UTFI Merchants

PCI DSS Incident Response Plan

PCI DSS Penetration Testing Standard

PCI DSS Security Awareness Program Standard

PCI DSS Vulnerability Scanning Standard

UT Policies

Fiscal Policy FI0311 – Credit Card Processing

IT Policy IT0110 – Acceptable Use of Information Technology Resources

IT Policy IT0115 – Information and System Classification

Additional PCI Resources

FI0311 Merchant Approval Process

PCI DSS – Migrating from SSL and Early TLS

Requirements by SAQ Type

Which SAQ Do I Complete?

SAQ Guides (PCI DSS v3.2 rev1.1)

PCI-DSS-SAQ-A – for “card-not-present” merchants

PCI-DSS-SAQ-B – for merchants using standalone, dial-out terminals not connected to the Internet

PCI-DSS-SAQ-B_IP – for merchants using a payment application system or POS system connected to the Internet

PCI-DSS-SAQ-C_VT – for merchants using isolated virtual payment terminals on a personal computer connected to the Internet

PCI-DSS-SAQ-P2PE – for merchants using hardware payment terminals in PCI SSC-Listed P2PE solution only

If you have any questions or need additional information, please contact security.