OTO Revises Process for Payment Card Industry Data Security Training - 09/21/10

Purdue personnel and volunteers whose job requires them to complete the annual Payment Card Industry Data Security (PCI DSS) training will find a number of process enhancements when they renew their annual certification this fall. Among the Office of Treasury Operations’ (OTO) changes are self-registration and an enhanced role for supervisors.

The online, self-directed training is needed for the University’s PCI DSS compliance. All Purdue staff, faculty, students and volunteers who accept payment cards (credit, debit, etc.) on behalf of the University must complete the training each year. In addition, personnel who work with systems, equipment or reports used in the merchant process also must take the training.

The OTO considered staff feedback when it made several improvements to the PCI DSS training process. As a result, the revised process mirrors some of the University’s other online training, such as that for FERPA, GLBA and HIPAA. Training changes include self-registration and an automatic annual email reminder to participants when it is time to recertify.

Participants will find detailed instructions in the WebCert PCI Training Quick Reference Card for logging into the training system, accessing the materials and completing the training. Those instructions are available by clicking “QRC’s” located on the “Card/Web Payments” gold tab on the on the Office of Treasury Operations website.

The revised process includes an enhanced role for supervisors, who now are responsible for ensuring the compliance of individuals in their areas by tracking their training and maintaining a copy of the certification of completion given those who complete the course. The PCI standards require the University to assess compliance annually. Keeping a copy of their staff’s certificates of completion for training will ensure supervisors’ ability to access documented proof of an individual’s certification status during the compliance review.

Questions or comments about PCI DSS training may be directed to the Office of Treasury Operations via email at or by phone at 494-7261.