Carnegie Mellon University

PCI DSS Security Training for Vendors

The Information Security Office has licensed Online Security Training from Wombat Security Technologies to provide staff members working with the University dinning vendors and who handle credit card information with an online PCI DSS interactive training.  If a vendor does not have an AndrewID, the best option is group training where an individual with an AndrewID logs in among a group of individuals and the training is taken together.  All attendees should sign the merchant training form as proof of training completion.  If a group training session does not work for your purposes, please contact us at for more information and other options.  DO NOT share an AndrewID and password with anyone for this purpose.

You can access training modules through Online Security Training Platform, and by taking the following steps:

  1. Visit Online Security Training Platform at
  2. You will be directed to a CMU WebISO Login Page
  3. Enter your your andrew email address and password
  4. You will be directed to the Welcome page
  5. Select the PCI DSS Training Module

PCI DSS training is an annual requirement, please complete the PCI DSS training by early May of each reporting year.

If you have any question about the PCI DSS Online Security Training module please contact, and if you have difficulties accessing the training platform, please contact