LISTSERV 16.0 - MSUNAG Archives

Good afternoon MSU:

This is the day to have the PCI payment card business survey completed. 
If you have already completed your survey, thank you for your assistance.

All MSU persons or entities that engage in operations that include 
credits card transactions are required to complete the payment card 
business scope survey. You may take the survey here 
<https://www.surveymonkey.com/s/MSUPCIScopeSurvey2013>:

     https://www.surveymonkey.com/s/MSUPCIScopeSurvey2013

If you have additional questions or issues, or you would like a copy of 
all the questions before going online to fill out the forms, please 
contact Gene Willacker at [log in to unmask] 
<mailto:[log in to unmask]>, or 4-4110 (517-884-4110).

*Background:*

MSU was recently informed by our bank, Bank of America Merchant Services 
(BAMS), that we are required to validate MSU's compliance with the 
Payment Card Industry Data Security Standard (PCI DSS) early next year.  
We have not been asked to provide this information to the bank for a 
long time, so it is important that we have every unit on campus review 
their payment card processing methods and security, and submit written 
documentation to the Cashier's Office by March 31, 2014.  MSU cannot be 
considered compliant unless every merchant is compliant.

According to the bank's policy, we must report on all credit card 
business being done by every department and unit on campus, whether the 
transactions are processed through BAMS or not.  We are aware that there 
are several MSU persons, areas, or entities accepting credit card 
payments using methods that are not listed under the guidelines in the 
MSU Manual of Business Procedures 
<http://ctlr.msu.edu/COMBP/mbp17EBS.aspx> 
(http://ctlr.msu.edu/COMBP/mbp17EBS.aspx). Those operations must also 
report to the Cashier's Office.  This is the time for those operations 
outside of MSU guidelines to come forward and discuss their payment card 
business with us, so that we can validate that the business process 
meets MSU and PCI compliance requirements.

The first step in this process is our Fall 2013 scope survey, to 
determine every area and method used by MSU in accepting payment cards. 
After analyzing the data received, the MSU Controller's Office will be 
sending specific documents to each office to collect the appropriate 
compliance documentation.

Thank you for your cooperation and assistance with this process.

Gene

-- 
Gene Willacker, PCIP, PCI ISA
PCI Compliance Officer
Controller's Office
110 Administration Building
Michigan State University
517-884-4110

*On Twitter: *@MSUPCI* <https://twitter.com/MSUPCI>*
http://ctlr.msu.edu/CreditCard/