Payment Card Processing Newsletter
OCTOBER, 2025 ISSUE
University of Nebraska—Lincoln
PCI Compliance Team
The PCI Compliance Team is a collaboration between Information Technology Services (ITS) and the Office of the Bursar. It is a cross-functional team responsible for administering the University of Nebraska-Lincoln payment card policies and procedures, monitoring payment card activity, and educating merchants.
Contact Information
Information Technology Services (ITS)
Chris Cashmere phone: 402 472-1423
its-sec-compliance@nebraska.edu
Office of the Bursar
Jennifer Hellwege phone: 402-472-9003
Lisa Hilzer phone: 402-472-9004
Download the printable PDF version of this newsletter here.
Annual PCI Training Requirements for Card Handling
All parties handling cardholder data must adhere to specific security awareness training requirements to be PCI DSS v4.0 compliant. Individuals should acknowledge, in writing or electronically, that they have read, understood, and will comply with the security policies/training. Since your department knows which individuals are involved with card processing, the monitoring and documentation of this training below is the department’s responsibility.
Cash Handling Training
All personnel connected in any way with cash handling, including payment card transactions, must review the Cash Handling Policies & Procedures on an annual basis, available here: https://bf.unl.edu/policies/cash-handling/
Payment Card Security Awareness Training – PCI DSS v4.0 Requirement 12.6
All personnel involved with card processing need to annually complete security awareness training to understand their role in protecting cardholder data. To satisfy this requirement, Firefly-Bridge course PCI - Payment Card Data needs to be completed.
Firefly-Bridge link: https://nebraska.bridgeapp.com/learner/programs/5e897251/enroll
Complete Course 1: PCI - Payment Card Data - 15 minutes (Best viewed in Microsoft Edge or Google Chrome)
Device Tampering Training –PCI DSS v4.0 Requirement 9.5
All personnel involved with card processing must be trained to protect card-reading devices from tampering and unauthorized substitution. Terminal devices must be periodically inspected to look for signs of tampering, such as unexpected attachments, added cables, altered security labels, broken casing, etc. Report any suspicious items or behavior to a supervisor and the PCI Team.
Part of protecting devices is maintaining an up-to-date inventory of your devices.
Inventory should include: make, model, location, serial number or unique identifier
Two training resources we’ve found to be helpful are:
• PCI Security Standards Council - Skimming Prevention Best Practices for Merchants
• VISA - Protect Your Merchant Terminals from Illegal Tampering
October is Cybersecurity Awareness Month
There are two opportunities to expand your cybersecurity knowledge during October. These are available on Firefly-Bridge.
University of Nebraska commits to "Secure Our World" by taking action during the October Cybersecurity Awareness month to reduce cyber risks. This program of learning opportunities is broken into: an introduction, four short learning courses, and a closing. Each 10-12 minute course will highlight the growing importance of cybersecurity in our daily lives. All program materials are available upon enrollment and you are encouraged to go at your own pace during the month of October.
https://nebraska.bridgeapp.com/learner/programs/a6c8c388/enroll
This course provides a high-level overview of information security fundamentals, essential practices, and services at the University of Nebraska. This course is required of all NU employees and must be completed on an annual basis.
https://nebraska.bridgeapp.com/learner/courses/7af89aad/enroll
Knowledge Base Article - PCI Scanning and Scan Attestations: Guidance for Merchant Representatives
SAQ-A eCommerce merchants have been required to submit an Attestation of Scan Compliance document quarterly since PCI DSS v4.0 went into effect March 2024. IT Security has provided instructions and guidance for merchant representatives in the following article: https://nusupport.nebraska.edu/TDClient/33/Portal/KB/ArticleDet?ID=543
Review this article to be certain you are taking the appropriate actions to obtain and submit your eCommerce site Attestation of Scan Compliance.
Direct questions to ITS-Security-Compliance at its-sec-compliance@nebraska.edu
We will continue with the goal of completing our compliance efforts by June 30th of each year. This is consistent with efforts on the other campuses as well.