PCI Training
In accordance with PCI DSS Requirement 12.6.1, all personnel within the department authorized to handle card payments, whether processing payments, refunding, reconciling, etc., will complete the annual W&M Payment Card Industry DSS training and the W&M Security Education and Awareness training. The annual PCI DSS training is intended to promote awareness of technical and operational requirements to protect cardholder data.
Upon hire, the department’s business process owner (Merchant Manager) will instruct the new staff to take the W&M PCI DSS Training and the W&M Security Education and Awareness Training. New hires must complete the training before handling credit card processes and/or granting access to any ‘swipe’ equipment such as a Clover or online systems such as Touchnet. After that, all personnel must complete training annually. The PCI Team will remind Merchant Managers around or near February of each year to alert staff to take their annual training. Departments are responsible for tracking and maintaining a log of the initial and annual completed training using the W&M PCI Awareness Roster (xlsx).
Training via Cornerstone & Blackboard
- Employees must log into Cornerstone.
- In the upper right corner of the search field, enter PCI.
- Two playlists will appear (in blue).
- Employees take the PCI Employee Training.
- Merchant Managers and backup Merchant Managers take the PCI Management Training.
Students and volunteers who cannot access Cornerstone will receive their training in Blackboard. Merchant Managers must email [[pci]] a listing of names/93#s who need to be enrolled in the PCI Class.
- Employees: PCI Training will be accessed through Cornerstone.
- Students & Volunteers: PCI Training will be accessed through Blackboard.
- Merchant Manager Training: PCI Management Training will be accessed through Cornerstone.