Training Documents

PCI Training Youngstown State University


In response to consumer concerns with the security of credit card usage, the Payment Card Industry (PCI) council – which includes American Express, Discover, MasterCard, and Visa – has issued Payment Card Industry Data Security Standards (PCI DSS) which must be complied with by any business or organization accepting those card brands. If compliance is not maintained, Youngstown State University could lose its right to accept those cards, suffer fees, fines, permit financial harm to befall our stakeholders, and irreparably damage the University’s reputation.

Part of the University’s PCI Compliance Plan is an annual PCI training conducted by the Bursar.


PCI Council Training Video


Which statement below is true?

  1. The only person who should be presenting a credit card to you for payment is the person whose name is on the front of the card and their name is signed.
  2. It is okay to accept a parent's credit card from a student as long as their last name matches and they can show proof of relationship.
  3. It is okay to accept a spouse's credit card if the last names match.
  4. It is okay to accept someone else's credit card if the person in possession of the card has a signed letter from the owner of the card and their signature.
  5. The Correct Answer is statement number 1.


Due Diligence for Employees (including Student Employees) who work with credit cards, and/or credit card machines.…

  • The machines should be settled every night after closing.
  • Do not allow anyone to inspect or remove the machine unless you know who they are.
  • If your machine appears to have been tampered with, please contact Gloria Kobus, Bursar. You are required to keep the signed copy of the credit card receipt for 18 months.
  • It is OK to hand enter credit card numbers, (phone, fax, and US mail are okay as long as the credit card number is kept secure until entered and destroyed afterwards). DO NOT accept credit card numbers taken through e-mail.
  • If a credit card is denied, do NOT override under any circumstances (phone call from a “bank” for example).
  • You should not accept an unsigned card.
  • Do not accept a credit card if the signatures do not match, the card appears to have been altered or tampered with, or you are told when the card is swiped to “pick up” the card.

Which of the following are red flags for potential credit card fraud and may indicate that a closer inspection of the card or extra identification may be required?

  • The person using the credit card tries to distract or rush you during the sale.
  • The person makes a large purchase right after opening or right before closing.
  • A purchase is made, and the person leaves and then returns to make more purchases.
  • The card appears to have been altered or damaged.

All of Above statements are red flags for potential credit card fraud.


General Reminders :

Make sure you are not storing full credit card numbers anywhere. Please double check old forms on file, old receipts, ect. Black out or destroy the credit card number. It is NOT okay to throw away old credit card receipts with full credit card numbers – PCI requirements override record retention requirements.


Additional Reminders!!!!

  • Please double check to make sure there are no Social Security numbers on old forms or stored in your computer. Do not post or display SSNs or transmit over the internet.
  • Limit access to personal information as much as possible.
  • Be sure to change passwords on a regular basis and never use default passwords.
  • Secure customer records and information by locking rooms and file cabinets.
  • If you think that you’ve had a compromise/breach (for example, a locked cabinet with credit card numbers waiting to be entered was broken into), please contact the Bursar. The Bursar will work with the department to determine the extent of the breach and may need to contact Visa etc., the local FBI, and/or U.S. Secret Service.
  • Please make sure anyone in your department who will be working with credit cards completes this training.

Just a reminder for departmental credit card users, please do not write down the credit card number for someone else to use and make sure when entering the credit card number on-line that it is only through a secure site (https).


Which of the following could indicate a counterfeit credit card?

  • The embossing on the card is illegible or the card doesn't have an expiration date.
  • If the name on the card does not match the signature or there is a misspelling.
  • The hologram is not clear or the picture in the hologram does not move.
  • If the card does not start with the correct numberic digit
    • All American Express cards start with a 3
    • All Visa cards start with a 4
    • All MasterCards start with a 5
    • All Discover cards start with a 6


Breaking down the avg. cost:

  • Average cost per breach: $5.4 million
  • $400k on detection on escalation cost
  • $565k on notifications
  • $1.4 million of post breach cost
  • $3 million on lost customer base