BUSINESS AND FINANCIAL SERVICES
December 12, 2014
KEY ADMINISTRATORS/KEY SUPPORT STAFF
(including UC San Diego Health System)
The security of payment card transactions at UC San Diego is a continuing high priority. We have 205 merchants at UC San Diego, including the Medical Center, that accept payment cards, generating over a million transactions in 2013. Recent national news of payment card breaches at large banking and retail outlets has strongly affirmed the necessity for vigilance.
UC San Diego is moving to a higher level of PCI compliance certification because of the level of payment card activity we generate. This is our first year for compliance per PCI Data Security Standard v.3.0. In previous years each merchant was allowed to self-certify through self-assessment questionnaires (SAQs). These self-certifications have now been replaced by a Report of Compliance (ROC), essentially an independent audit of our documented cardholder data environments. The ROC is supported at UC San Diego by an independent Qualified Security Assessor (QSA). Our QSA is Coalfire Systems Inc.
Independent of the ROC, we are also migrating all UC San Diego merchants to EMV (Europay, MasterCard and Visa), a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs).
To kick off this effort, Business & Financial Services (BFS), in collaboration with Administrative Computing & Telecommunications (ACT), will jointly lead a meeting in the Supercomputer Center Conference room SDSC B210/211 & 212 - Ground Level East Building on January 8, 2015 from 8:30am to 11:30am. Coalfire, our QSA, will also be present to explain the ROC from their perspective. This meeting is intended for business officers and IT specialists responsible for ensuring compliance for each UC San Diego merchant account.
If you have any questions, please contact Armando Carlsson at (858) 822-0247 or Kevin Wong at (858) 534-2847.