University of Illinois System
Policies & Procedures

21.2.2 Validate PCI Compliance Annually

Policy Statement

All units that accept credit/debit cards must follow the Payment Card Industry Data Security Standard (PCI DSS) for credit/debit card security. Units must validate their compliance with the PCI Standard each year.

Before you change how you process credit/debit payments, contact Merchant Card Services to ensure that you remain in compliance. You may need to re-validate your compliance before your next scheduled annual validation.


To validate PCI compliance annually:

  1. The unit fiscal officer receives an email reminder from Merchant Card Services.
  2. Log on to the website URL contained in the email and follow the instructions to complete a Self-Assessment Questionnaire (SAQ). If you have difficulties answering the questions, contact Merchant Card Help at or 217-244-9384.
  3. Confirm that all staff are staying current with their annual Payment Card Data Security training.
  4. Merchant Card Services reviews the questionnaire and may contact the unit if there are any outstanding issues.

Related Policies and Procedures

10 Implement Internal Controls for Handling Cash and/or Checks

Additional Resources

PCI Security Standards Council
Payment Card Data Security Training

Last Updated: April 13, 2012 | Approved: Senior Associate Vice President for Business and Finance | Effective: November 2008