Annual Compliance Requirements

Rice is required to complete an annual self-assessment process to demonstrate that we are properly securing our customers' credit card data. For Rice University organizations accepting credit card payments after January 1, 2011, this process will include the completion of one of five possible Self Assessment Questionnaires (SAQs), completion of the Departmental PCI-DSS Requirements Checklist and providing all the documents on the Checklist applicable to your department. Most organizations will only be required to complete one of the five SAQs; some may be required to complete more. The Checklist will define the additional information required for your department.

 

Self Assessment Questionnaire (SAQ)

 

The SAQ(s) you will be required to complete will be determined by the information you provided on your application to accept credit card payments. When you are notified that your application has been approved, you will also be notified which SAQ(s) you will need to complete. You will also be told the due date for submitting your completed questionnaire to the Vice President for Finance.

The five possible SAQs are:

  1. SAQ A. All cardholder data functions outsourced. No Electronic Storage, Processing, or Transmission of Cardholder Data

  2. SAQ B. Imprint Machines or Standalone Dial-out Terminals Only, No Electronic Cardholder Data Storage

  3. SAQ C. Payment Application Connected to Internet, No Electronic Cardholder Data Storage

  4. SAQ C-VT. Web-Based Virtual Terminal, No Electronic Cardholder Data Storage

  5. SAQ D. All Other SAQ-Eligible Merchants and Service Providers

Before completing your application to accept credit card payments, you are strongly encouraged to review SAQ B if you intend to accept payments using a swipe machine and SAQ C if you intend to accept payments online. You may be required to complete a different SAQ, but these will give you an idea of the security requirements the Payment Card Industry (PCI) expects you to follow.

Some questions require technical knowledge about the computer equipment and networks you use. The appropriate area within Rice IT will assist you with the set-up and maintenance needed to maintain the required compliance.

Some questions refer to University and departmental policies and procedures related to securely handling cardholder data. If you have not read the section entitled "Security is Important", you should do so.

 

Departmental PCI-DSS Requirements Checklist

This is the list of steps and documents required annually to demonstrate compliance:

  • Complete Annual SAQ Verification
  • Complete and Sign (electronically) the SAQ
  • Review, update and upload Departmental Policies and Procedures
  • Review and upload copies of third-party agreements (if applicable)
  • Review and upload copies of third-party certifications (if applicable)
  • Complete annual PCI Training

A copy of the Checklist with additional details is available here.
 
If you have any questions, please contact Cindy Melton or the Steward for the SAQ you are completing.
 
    

 
 
 
Want to know more about the Payment Card Industry Data Security Standards (PCI-DSS)? Visit this site.

 

 
 
 
Looking for information about PCards? Visit this site for the manual and this site to learn about training.
 
 
 
 
 

 
 
 

 
   
 
Need a copy of the Guide to Card Acceptance and Best Practices from Global Payments?
 
The slides from the Rice PCI training class are here.