• Office of the Treasurer
  • External Agency Policy and Agreements
  • Functions
  • Organizational Chart
  • Signature Delegation Authority
• Banking Services
  • Banking Announcements
  • Banking FAQ
  • Banking Information
    • Accepting Foreign Checks
    • Accepting Foreign Checks for Deposit
    • Foreign Item Deposit Restrictions
    • Bank Holiday Schedule
    • Banking References
    • Banking Structure
    • Check 21
    • Claiming Funds Received Electronically
    • Deposit Tickets
    • Endorsement Stamps
    • IU Paycard
    • Recurring Payments
    • Remote Capture Instruction Sheet
  • Banking Terms
  • RFP Archive
  • Sending Money to IU
• Capital Finance
  • Capital Financing Policy
  • Internal Loan Policy for Capital Construction and Renovation
  • Internal Operating Loans
  • Institutional Credit Guidelines
  • IU Bond Holder Relations
  • Statutory Borrowing Limitations
  • Swap Policy
• e-Business
  • e-Business
    • e-Business & Banking Seminar
    • e-Business Governance & Mgmt Structure
    • e-Business Responsibilities
    • Overview e-Business Process
  • IUPayPlus
    • IUPayPlus
    • IUPayPlus Centrally Managed
    • IUPayPlus Centrally Managed Refund Request
    • IUPayPlus Departmentally Managed
    • IUPayPlus Merchant Agreement
    • IUPayPlus Setup Request
  • Payment Card Services
    • Accepting Payment Cards (Credit/Debit)
    • Accounting for Fees
    • Accounting for Transactions
    • Chargebacks & Copy Requests
    • Convenience Fee Approval
    • Frequently Asked Questions
    • Operating the POS Machine
    • Payment Card Identification Features
    • Payment Cards Terms
    • Supply Request Form
  • Web-based Payments
    • Fees
    • General Information
    • Responsibilities
    • Transaction Flow
    • Web-Based Merchant Agreement
• Endowments & Investments
  • Investment Terms
  • IU Foundation-Held Endowment Fund Contact Info
  • IU-Held Endowment Fund Contact Info
  • IU Investment Policy & Guidelines
  • IU Investment Strategy
• Financial Information
  • Financial Reports
  • IU Fact Book
  • SEC Information Disclosure Report
• General Information
  • Newsletters, Reports & Statistic Charts
  • Privacy Policy
  • Resource Links
  • Treasury Staff
  • Unclaimed Property
  • Visiting Our Offices
    • Bloomington Parking
    • Campus Parking
    • Hotels & Restaurants
    • Maps & Directions
    • Points of Interest
• Investor Relations
• Payment Card Industry Data Security Standards (PCI DSS)
  • PCI DSS Memo February 2007
  • Trustwave
• Policies
• Research Request
• Tax Related
  • Financial Management Services - Tax Page
  • Tax Institute (TIFCU)
• Training
  • e-business & Banking Seminar Registration
  • e-business & Banking Seminar Slides
  • Revenue Processing Training Registration
  • Revenue Processing Tutorial
• V.P. & C.F.O.

Trustwave Relationship

The Office of the Treasurer has contracted with Trustwave to provide us access to an online portal called Trustkeeper. The Trustkeeper portal will allow each department to go online and fill out their annual Self-Assessment Questionnaire. The Self-Assessment Questionnaire is an annual process to verify each locations compliance with the Payment Card Industry Data Security Standard (PCI-DSS).

The process will begin with the main Payment Card contact for each merchant location receiving a Welcome Email from Trustwave. Only one person in each area will receive this email. The email will contain a link to the Trustkeeper Portal as well as your access information. You will need to click on the link and complete the registration. The registration process must be completed in one sitting and should only take 5 to 10 minutes. The information you will need to complete the registration process is as follows:

• Your merchant ID or Account Number (not FIS Account number)
• Card brands you accept (Visa, MasterCard, Discover, American Express)
• Acceptance channel (in person/card present, eCommerce, telephone, mail-in, etc.)
• Card transaction volumes (both $ and # for month and year) (estimates are okay)
• How you send your transactions to our processor
• If applicable, how you connect to the Internet
• If applicable, manufacturer/vendor name and model/version of Point-of-sale terminal or application

If you have an eCommerce website, you will need (if applicable):

• Shopping card software in use
• Hosting Provider
• Third-party service provider or payment gateway

Once the registration process is complete, you will need to choose which Self-Assessment Questionnaire applies to your location.

• SAQ A – Outsourced e-commerce merchants
• SAQ B – Imprint machines or stand-alone dial up terminals (no internet connection used for processing transactions and no online storage of data)
• SAQ C – Payment application connects to internet, but not to any other systems (i.e. databases or other systems)
• SAQ D – All others

If you are unsure of which SAQ to choose, please contact Payment Card Services via email or phone 812-855-0586.

The questions will all be Yes/No questions and should be answered truthfully.  You may print the SAQ if you need others in your area to provide responses.  You may also grant access to others in your department either online via the Trustkeeper Portal or by calling the Trustkeeper help desk at 1-800-363-1621.

While the questionnaire will assess our compliance at a point in time, you must remember that compliance with PCI DSS is an ongoing process.  If you make changes to how you process, you will need to ensure that you are still in compliance with the PCI DS Standard.

The deadline for completing the SAQ is September 26, 2008.