Onboarding New Merchant Staff
This guide outlines the steps required before an employee can handle credit cards.
Policy Insight
The University is obligated to comply with laws, regulations, guidelines, and policies such as BFB BUS-49 (opens in new window) and BFB IS-3 (opens in new window), to safeguard sensitive financial information, including credit and debit card data of its customers. In accordance with UCOP and UCSF policy, all Credit Card Handlers must complete online UCSF PCI Security Awareness Training. Department supervisors or managers are required to educate employees upon hire and hold refresher courses annually. Background checks and fingerprinting are mandatory.
Training
New credit card handlers must complete the required online course(s) available in the UC Learning Center. Managers and supervisors should review the available PCI DSS Security Awareness Training and complete any training pertaining to themselves first. Then, supervisors/managers should assign their teams to the proper required courses. Completion of this training is required before the employee can handle credit cards and annually thereafter as long as they continue to handle credit cards.
If you, the employee's supervisor/manager, have tried the steps available in the How to Assign and Monitor Required Controller’s Office Training Available in the UC Learning Center and still cannot assign this course to the employee in the UC Learning Center, send an email request to [email protected] with the subject line "Assign PCI DSS Security Awareness Training". Include the employee's:
- Full Name
- Email address
- Employee ID
- Course name that should be assigned
Access to Reconciliation Reporting
Departments need to email the following information for new credit card handlers or depositors to access reconciliation reporting from Merchant Services:
- Name
- Phone Number
- Email Address
- Department Name
- Department Box Number
- Department Physical Address
- Name of supervisor/manager