UCSF's Payment Card Industry Security (PCI) Awareness Training is designed to familiarize employees, merchants, executives, and IT staff with credit card security issues and enhance their skills in maintaining the security and safety of the UCSF payment card environment and cardholder data. New employees, managers, and merchants handling this information must complete this course upon hire, and annually thereafter.
Each of the five available modules and their intended audiences are described below. You can click the Start Course button to launch the related course in the UC Learning Center (MyAccess login required).
Managers should access the How to Assign and Monitor Required Controller’s Office Training Available in the UC Learning Center step-by-step guide to learn how to assign and monitor compliance for all required PCI training for their staff after determining the proper courses to assign.
PCI for Merchant Process Managers
Description
This training provides a comprehensive overview of the Payment Card Industry Data Security Standard (PCI DSS) requirements, including best practices on how to protect cardholder data, securely process payment card transactions on campus, and meet the ongoing compliance requirements from the DSS. This training includes four modules:
- Introduction to PCI DSS
- Payment Card Security
- Identifying Risks
- Compliance with PCI DSS
Target Audience
This course is required for all Merchant/Department Managers.
Course Length
Approximately 50-55 minutes (each module is 10-15 minutes)
This is a Certification Course
You must complete this training every 365 days as long as your job duties require it.
PCI for Information Technology
Description
This training provides a closer look at the PCI DSS and the requirements your organization needs to meet before attesting annual compliance. This training is geared towards IT staff and management, who, while not typically participating in the payment process, are responsible for implementing and maintaining the required technical infrastructure campus-wide. This training includes three modules:
- PCI DSS Compliance
- Securing the CDE
- Objectives and Requirements
Target Audience
This course is required for all System Admins and IT Staff responsible for securing systems within the Cardholder Data Environment (CDE).
Course Length
Approximately 60 minutes (each module is 15-20 minutes).
This is a Certification Course
You must complete this training every 365 days as long as your job duties require it.
PCI for Executives
Description
This training includes a high-level overview of the PCI DSS requirements, including requirements for handling and protecting cardholder data, common risks and threats to the cardholder data environment, and consequences for non-compliance.
Target Audience
C-Level Executives
Course Length
Approximately 15 minutes.
This is a Certification Course
It is a best practice to complete this training every 365 days as long as your job duties require it.
PCI for Cashiers
Description
This training is designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) requirements and educate front-line staff on how to securely handle cardholder data and process payment card transactions on campus.
Target Audience
This course is required for all Students and Cashiers only processing card payments one at a time.
Course Length
Approximately 15 minutes.
This is a Certification Course
You must complete this training every 365 days as long as your job duties require it.
PCI for Ecommerce
Description
This training is designed for merchants who are not involved in the day-to-day processing of cards, but have an online store or e-commerce site their department manages or supports. This module reviews best practices for ensuring compliance with PCI DSS standards:
- Securely processing online payments.
- Assessing and securing eCommerce systems.
- Implementing data protection technologies.
- Providing ongoing compliance support and incident response.
Target Audience
This course is required for all Merchant/Department Staff and Managers responsible for managing and maintaining ecommerce/online stores only.
Course Length
Approximately 30 minutes.
This is a Certification Course
You must complete this training every 365 days as long as your job duties require it.
About PCI Course Assignments and Recertifications
Remember, it is the responsibility of managers to assign direct reports as required to complete this training in the UC Learning Center as part of the process of establishing new credit card handlers.
Completion of these training modules certifies the learner for 1 year. Passing this course requires you to complete all the included quizzes with 100%. You have unlimited attempts. Staff must complete the course that relates to their role annually for as long as they handle credit cards or credit card information.
The UC Learning Center sends automated reminders nearing certification expiration dates. To ensure you receive these messages, be sure to whitelist "[email protected]" in your email application.