May 2026 Newsletter

Payment Card Processing Newsletter

MAY, 2026 ISSUE

Newsletter Contents

• PCI Compliance Paperwork Due Friday, May 22nd
• Quarterly PCI Scan Services
• PCI Compliance Courtesy Calls Can Be DisregardedRepresentatives
• COMING SOON: PCI Compliance Self-Assessment Questionnaires (SAQ)
• Payments Insider is an Essential Tool in Card Processingestations: Guidance for Merchant Representatives

PCI Compliance Paperwork Due Friday, May 22nd

The first step in PCI compliance is to collect your merchant account paperwork. The same documentation as in past years will be required.

How to get started! For each merchant account (MID), you’ll need to review, update, and submit:

• Merchant Profile – FY 2025-2026 forms are available here: https://pci.unl.edu/node/155/  (please use the current forms as fields may have changed)
• Procedures Document with Cardholder Data (CHD) Flowchart – narrative of processes with detailed information (no standard form)

Access last year’s PCI files to review documents and update information to accurately reflect your current processes. Save the updated documents with FY 2025-2026 date. New merchants will need to create all documentation. The procedures document is a narrative of your processes and should
incorporate the following:

•  make, model, serial number and location of all equipment*
• detailed description of card activity processes - individuals involved in payment processing
• storage/purge details of cardholder data (if appl.) - staff training requirements
• demonstration of segregation of duties in place - information on reconciliation process
• flowchart of cardholder data (CHD) - signature of dept head/business manage

   *Be sure your procedures are up to date to reflect new equipment.
    The popular Stand-alone Ingenico Desk 3500 terminals connect via Ethernet with SafeT Solo solution to encrypt data.

These procedures are not only necessary for us to gain an understanding of your CHD environment, but are needed so you, in the department, have an understanding of the process and ensure all necessary safeguards are in place for safe cash handling and security. They are also essential to meet
PCI documentation requirements.

Reminder: If you have multiple merchant accounts, we need a completed profile and procedures document with CHD flowchart for each merchant account/number.

If possible, submit documents as print to PDF.

Please submit your documentation by Friday, May 22 to: bursar@unl.edu 

Merchants will also be contacted to do a SAQ, coming soon (see page 2).

Quarterly PCI Scan Services

The ITS Security Program Management Team provides required quarterly PCI scan and quarterly PCI scan attestation services through their PCI
Service Catalog, available here: https://nusupport.nebraska.edu/TDClient/33/Portal/Requests/ServiceDet?I…

 PCI Compliance Courtesy Calls Can Be Disregarded

Representatives from Elavon’s PCI Compliance Manager may call you and offer to complete PCI compliance as a courtesy for new merchant accounts or merchants with annual compliance due. Please decline the offer as we handle PCI compliance within UNL. We have let Elavon know that we do not wish to receive these calls.

COMING SOON: PCI Compliance Self-Assessment Questionnaires (SAQ)

One of the most important merchant responsibilities for maintaining PCI compliance is completing and submitting the annual Self-Assessment Questionnaire (SAQ). To meet this responsibility, each University merchant account is required to submit a SAQ thru the Elavon PCI Compliance Manager portal.

• If your department uses only Stand-alone terminals, the PCI Team will collect the necessary information on a SAQ form
  and submit the SAQ on your behalf as a single group. Watch for the SAQ form to come via Docusign.
• For merchants with unique operations or non-Stand-alone terminal setups, such as eCommerce stores or Point of Sale
  Registers, we will schedule Zoom meetings to aid in completing and submitting the required SAQ. The Zoom meetings
  will primarily occur in June. Watch for a Zoom meeting setup email.

ATTN New Merchants: If your merchant account is new this year, you may have done a mid-year SAQ. We will still ask you
to repeat the SAQ process in June to align your compliance reporting with the rest of the University merchants.

We will continue with the goal of completing our compliance efforts by June 30th of each year. This is consistent with efforts
on the other campuses as well.

Payments Insider is an Essential Tool in Card Processing

Elavon’s Payments Insider website is available for merchants to review their card transactions, confirm settled batches, and download the monthly bank statement. The site may be a good resource for troubleshooting a transaction or exporting sales reports.

Login to Payments Insider: https://www.mypaymentsinsider.com/ui/#/us/en_US/login

Commonly Used Features:
Bank Statement - Download your monthly bank statement on the 1st of each month. The statement provides a record of the previous month’s sales and fees activity and ties to the Bursar’s Office monthly allocation of sales and fees. It is an important piece of your reconciliation process, provides documentation of your card fees, and enables departments to review sales and fees to ensure all activity is appropriate.
Sales Report - view & export sales by settled batches, including individual transaction level details.

  + Additional Filter - filter your search by different criteria such as Card Number (first 6 digits, 6 asterisks * as blanks, last 4 digits), Settled Amount, Order Number, Terminal ID, etc.

Need Access? Contact Lisa Hilzer in the Bursar’s Office to request access to the website.

Notify Lisa when an employee has left the department so access can be disabled.