
Payment Card Industry Data Security Standards (PCI DSS)

To reduce their losses due to credit card fraud, five members of the payment card industry (Visa, Inc., MasterCard Worldwide, American Express, Discover Financial Services, and JCB International, the Japan Credit Bureau) banded together to develop security standards for any organization that accepts, captures, stores, transmits, and/or processes payment card information, either manually or through an automated system. This set of standards is referred to as the Payment Card Industry Data Security Standard, or PCI DSS. The PCI DSS is an evolving set of comprehensive requirements designed to enhance payment account data security. It contains six categories of requirements: building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy.

The university is committed to complying with the PCI DSS by ensuring the secure handling of payment card information. All university merchants accepting payment cards are required to comply with the PCI DSS and to validate their compliance annually by completing the PCI Self-Assessment Questionnaire (SAQ). The University Payment Card Coordinator will coordinate the annual validation with all university merchants.

PCI DSS Standards & Documents are available at the Council website.