What is PCI?
PCI (Payment Card Industry): The Payment Card Industry Data Security Standard (PCI DSS) is a required set of standards for optimizing the security of payment card transactions. The standard applies to all organizations that process cardholder data.
Recharge Requirement
As NSHE has entered a higher level of PCI compliance, increased efforts to maintain compliance have brought on additional costs. These costs will be distributed to applicable departments depending on the numbers and types of equipment, devices, software, website, and gateways being utilized. Please see the below FAQs to learn more.
Q. What additional services will the Office of Information Technology (OIT) provide to help us?
With the new, more strict demands for reporting, more accurate physical inventory, and regular auditing, OIT will be adding a dedicated technical support position with expertise in maintaining security in regulated environments. This position will offer priority response for these services and devices during regular business hours along with centralized endpoint management (i.e. automatic software updates) and inventory control.
Q. If I have other questions and/or concerns related to these new changes. Who do I contact?
OIT understands and appreciates that the merchant account changes have direct impact on your department, and we are here to help. Please use OITBusiness@unr.edu as your new central point of contact for questions, concerns, and issues not otherwise specifically addressed on this web page.
Q: What are the costs?
Because the level of effort to ensure compliance varies depending on the type of equipment, devices, software, website, and gateways, we have established three levels of costs.
Level 1: $200 per device per merchant ID per year
This level of participation is for devices that are compliant with modern encryption and security standards such as P2PE or TransArmour. They are generally wireless terminals that can vary in size and functionality. By using these devices our reporting requirements are significantly reduced although the device support can still be significant depending on the use case and device type.
Level 2: $500 per storefront/gateway per merchant ID per year
This level of participation is for online based transactions where the card is not present. This would be for online storefronts or simple payment gateways such as PayPal or Authorize.net that may tie into a website and then redirect the users to the authorized payment retailer.
Level 3: $1,000 per service/device/terminal per merchant ID per year
This level is for any card present, or card not present, transaction where there is a computer or other non-level 1 device that is used to process the transaction. This could be a simple workstation that is used to enter credit cards for phone orders or a workstation with a legacy style card reader attached. This level would also be used for more complex configurations such as point of sale.
Q: How are the annual fees calculated?
Each piece of equipment associated with a merchant ID, whether a terminal or online payment gateway, is used to calculate the annual fee. If your merchant account has multiple equipment items tied to the merchant account, each item is added together to create the total cost.
Q: Is it possible to reduce my annual fee?
It may be possible to reduce your annual fee if you are at a Level 2 or Level 3 cost, depending on your department’s business needs. For more information, please contact itcompliance@unr.edu.
Q: How do I cancel my merchant account?
If you would like to cancel your merchant account, please contact itcompliance@unr.edu.
Q: How do I get rid of a terminal if I no longer need it?
If you would like to disable a terminal, please contact itcompliance@unr.edu and provide the terminal ID and merchant account ID tied to that terminal.
Q: How does my department make changes to their merchant ID equipment?
Contact IT Compliance at itcompliance@unr.edu to discuss your options.
Q: How does my department pay for this?
Your department will need to make sure its PCI recharge is budgeted for the current Fiscal Year through Planning Budget & Analysis. Once the OIT Business Office receives the Workday Worktag to be charged, a payment journal will be submitted in Workday at the beginning of the fiscal year. The journal will go through the normal approvals in Workday, and no other action is necessary. Any mid-year changes will result in a one-time payment journal at that time, also handled by the OIT Business Office.
Q: What if my department makes changes mid-year?
Any equipment added mid-year will result in a recharge for the cost of that new equipment (Level 1: $200, Level 2: $500, Level 3: $1,000). Any subtraction of equipment mid-year will not result in a refund.