Merchant Compliance

All UCI merchants that process payment cards must adhere to the requirements of the PCI DSS and validate compliance annually through a set of self-assessment questionnaires designed for specific processing environments. Once PCI compliance is successfully achieved by each merchant through the VigiTrust VigiOne portal, an attestation of compliance is reported to the university’s acquiring bank. The university’s acquiring bank controls and monitors all merchant payment card accounts for UCI and reports UCI’s annual compliance to the card associations.

In addition, any third-party vendor engaged by UCI merchants or departments to process payment card transactions on their behalf, must also comply with the PCI DSS and requires approval by the PCI Compliance Team. Adhering to the PCI DSS requirements provides critical protective measures to minimize risk and to ensure payment card data is protected. Non-compliance can result in large fines and litigation costs to the university, loss of reputation, stringent and costly reporting requirements, and possible termination of payment card privileges for the merchant.