Merchant Services

SAQ's with all supporting documentation are due by November 9, 2019. If you need assistance, please email merchantservices@ucsc.edu or call: 831-459-1686.

Download the 2019 SAQ Checklist to get started preparing/updating your documentation and processes.

PCI Planning

Click here to log-in to the VigiOne website. If you do not have a log-in please contact us immediately.

Please see our VigiOne SAQ training page for a basic video on how to navigate the new SAQ portal. Password credentials are available via email sent to each Merchant.

Details about the online portal:

  • Unfortunately, the new portal requires merchants to complete a separate SAQ for each payment stream (e.g. SAQ A, SAQ B). Alternatively, an SAQ D can be completed to cover your entire environment
  • Please take this into account when planning for SAQ completion
  • Training is available here.

Documents - Descriptions and Templates

2019 SAQ Checklist:
Track your progress on this checklist to prepare for your SAQ submission, and get a brief description of each item on page two.
Click here to download the 2019 SAQ Checklist.

Departmental Credit Card Security Policy:
This document outlines the policies and procedures put into place by your department to protect cardholder data.
Click here to download the Departmental Credit Card Security Policy template.

Incident Response Plan:
This document prepares your unit for efficient action and communication in the event of a suspected or confirmed breach of a physical, or digital environment.
Click here to download the Incident Response Plan template.

Training & Policy Certification:
This document is signed by the departmental PCI Coordinator and Department Head to certify that they understand that critical aspects of UCSC's PCI and Merchant policies and procedures are to be followed. Full details are available in the document.
Click here to download the Training & Policy Certification template.

Service Provider List:
This document lists all service providers (with contact info), including a description of service provided. Depending on the complexity of your environment, this could be as few as one service provider or more than three.
Click here to download the Service Provider List template.

Access Control List:
Documentation of positions that have access to your credit card environment and their access level.
Click here to download the Access Control List template.

Contract information for your Credit Card Vendor and/or Service Providers:
You can request this information from your Service Providers, Procurement, or ask merchantservices@ucsc.edu for assistance in obtaining contract information.

Equipment Tracking, Photos and Movement List:
List of all credit card terminals, models, serial numbers, their physical locations, and pictures of each terminal, front and back. Please include your terminal access log.
Click here to download the Terminal Tracking Sheet template.
For Merchants who move terminals daily:
Click here to download the Frequent Movement List template.

Terminal Tamper Inspection:
Proof that credit card terminal inspections are happening on a regular basis.
Click here to download the Terminal Tamper Checklist and Log.

Attestation of Ecommerce only Processing:
For Ecommerce only merchants, a statement attesting that no physical credit card terminals are being used can be submitted instead of a tracking list.
Click here to download the Attestation of Ecommerce only Processing template.