Policy & Procedures

PCI Compliance

Payment Card Industry (PCI) Compliance Policy

The President has approved a Payment Card Industry (PCI) Compliance Policy, P15-04. The purpose of this policy is to ensure that credit card and eCommerce activities are consistent, efficient, and secure to protect the interests of the University, its associated auxiliaries, and its customers. This policy applies to all types of credit card activity transacted in person, over the phone, via fax, mail, or the Internet. This policy provides guidance to ensure that credit card acceptance and eCommerce processes comply with the Payment Card Industry Data Security Standard (PCI DSS) and are appropriately integrated with the University’s financial and other systems.

If your organization or department is contemplating the use of a credit card, please read this policy, the data security standards, and fill out the application.

Policy for PCI

Payment Card Account Acquisition Or Change Procedures

Use the Application for Payment Card Account Acquisition or Change form for any change in the payment account including, but not limited to:

  • the use of existing payment card accounts for new purposes;
  • the alteration of business processes that involve payment card processing activities;
  • the addition or alteration of payment systems;
  • the addition or alteration of relationships with third-party payment card service providers, and
  • the addition or alteration of payment card processing technologies or channel

For questions regarding the implementation of this policy, call the University Cashier Office Manager.

Data Security Standard

PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect cardholder data. The standards globally govern all merchants and organizations that store, process or transmit data – with new requirements for software developers and manufacturers of applications and devices used in those transactions. Compliance with the PCI set of standards is mandatory for their respective stakeholders and is enforced by the major payment card brands who established the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and VISA Inc.

For questions regarding the data security standards, call the Information Security Officer.