full screen background

Credit Card Payments

The Payment Card Industry Data Security Standard (PCI DSS) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This standard is designed to minimize both the chance of a card member data compromise and the effects if a compromise does occur.

PCI DSS applies to all organizations that accept payment cards as a method of accepting financial gifts or in exchange for goods or services. PCI DSS also applies to all types of payment card activities transacted in-person, over the phone, via fax, mail or Internet. The Foundation is subject to this PCI DSS and required to follows all of Chico State's requirements. Below is a link to the CSU, Chico site for PCI DSS Compliance.

CSUC http://www.csuchico.edu/isec/pcidss_compliance.shtml

In order to ensure PCI compliance, the Foundation has implemented the Credit Card Information Handling Procedures. Any individual handling credit card information via Foundation accounts must read, sign, and return the form to the RF Administration.

The Credit Card Information Handling Procedures addresses various PCI requirements including how to properly acquire and handle credit card information, as well as other responsibilities of the individuals handling that information. The procedures also refer to the background check requirement for those handling credit card information.

If the individual is a Foundation employee, which will be verified, HR needs to have documented that the individual has passed both a DOJ and FBI background check. If the individual is a Chico State employee (not also listed as a Foundation employee), then it is the responsibility of the individual to confirm with their supervisor that they have passed the required background checks through the State.

In order to ensure compliance, anyone who has not completed and submitted the Credit Card Information Handling Procedures by Friday, March 2nd, 2018 should be removed from handling credit card information until the Foundation receives the form. Individual who submit the Credit Card Information Handling will receive a confirmation via email once the form is received and approved.