Payment Card Industry (PCI) Data Guidelines
- Applies to:
- Last updated: January 4, 2018
PCI is an acronym referring to the Payment Card Industry Data Security Standard (PCI-DSS). It is a common standard adopted by credit card companies such as Visa and MasterCard to ensure the safe handling of sensitive payment card information.
Why do I or my departments need to care about PCI?
PCI is important to you if you or your department takes credit cards on behalf of the University to conduct financial transactions. In order to collect credit card information our credit card systems and processes need to meet the requirements established in the PCI-DSS.
If we do not choose compliant payment card solutions or mishandle credit card information we are introducing serous risk to the University. Penalties for not being compliant with PCI-DSS can result in fees to the institution or losing the right to process credit cards altogether.
When choosing to take credit cards in your department you should do it in a way that minimizes risk to the University.
How can Calvin University reduce its risk exposure when collecting credit card information?
We can reduce risk to the University by making sure departments are aware of how to appropriately handle credit cards. At minimum the University needs to meet the standards and requirements found in the PCI-DSS.
Secondly, departments should collaborate with the best partners in our industry for payment card solutions that meet the appropriate PCI standards.
Finally, a significant portion of payment card risk can be reduced by establishing relationships with vendors that outsource the credit card processing operation from Calvin's campus networks. The burden of meeting a large portion of the PCI-DSS requirements is borne by another entity who has expertise in this area.
Who Do I talk to about PCI and being compliant in my department?
Financial Services is responsible for overseeing the payment card process for the University. They should be consulted prior to establishing credit card services or for any merchant account questions. Information Technology is your partner in selecting and implementing secure and compliant credit card software systems for your department. IT should be engaged early in the vendor selection process to provide systems and security expertise.
- Departments and offices
- Course code: