The Payment Card Industry Data Security Standard (PCI DSS) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. PCI DSS applies to all organizations that accept payment cards as a method of accepting financial gifts or in exchange for goods or services. PCI DSS also applies to all types of payment card activities transacted in-person, over the phone, via fax, mail or Internet.
Chico State Enterprises is subject to this PCI DSS and required to follow all of Chico State's requirements. You can view the CSU, Chico site for PCI DSS Compliance https://www.csuchico.edu/isec/policies/pcidss.shtml(opens in new window).
In order to ensure PCI compliance, the Foundation has implemented the Credit Card Information Handling Procedures. Any individual handling credit card information via Foundation accounts must be approved by Foundation to do so. The Credit Card Information Handling Procedure must be completed and submitted to the administration office in order to initiate the approval process. Three requirements must be met prior to receiving Foundation approval.
Requirements
All staff and student assistants will be trained to handle and process confidential credit card information from customers (PCI DSS v3.1, section 9.5). All individuals must meet the following requirements prior to handing credit card information:
- The position/job requires access to credit card information
- Pass a background check
- Complete PCI training through DTS on an annual basis
If the individual is a Foundation employee, which will be verified, HR needs to have documented that the individual has passed both a DOJ and FBI background check. If the individual is a Chico State employee (not also listed as a Foundation employee), then it is the responsibility of the individual to confirm with their supervisor that they have passed the required background checks through the State.