Payment Card Industry Data Security Standard (PCI DSS) Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This standard is designed to minimize both the chance of a card member data compromise and the effects if a compromise does occur.

PCI DSS applies to all organizations that accept payment cards for financial gifts or in exchange for goods or services. PCI DSS also applies to all types of payment card activities, whether transacted in person, over the phone, via fax, by mail or over the Internet.

New credit card handling security standards and a credit card security self-assessment questionnaire have been developed. They require campus departments (both state and auxiliary organizations) that take credit or debit cards for payment to notify the Information Security Office and conduct a yearly self-assessment.