Skip to main content

Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Industry Data Security Standard (PCI DSS)


Established in 2004 by the four major credit-card companies (Visa, MasterCard, Discover, and American Express) the  Payment Card Industry Data Security Standard  (PCI DSS) is now a widely accepted set of policies and procedures with the common goal of optimizing the security of credit, debit, and cash card transactions as-well-as protecting cardholders against  the  misuse of personal information.

Program component details:

The Payment Card Industry (PCI) requires that the university has a contractual obligation to comply with PCI Security Standards. Departments using credit cards for payment must adhere to these requirements.

  • All departments that accept, process, store, and transmit credit card data as payments to the university must be compliant with the PCI Data Security Program.
  • Departments must complete and return a self-assessment questionnaire annually with the Director of Treasury Operations.
  • All personnel who collect, handle, or process PCI data are required to take annual awareness training.

The Office of Treasury Operations is responsible for credit cards and the establishment of merchant account numbers. Departments who want to begin accepting credit cards for goods or services with the university must comply with the Payment Card Industry Data Security Standard.

Review additional resources below for policy and training requirements.

PCI program support and additional resources 

PCI training

Register for this required training upon management approval.

Policies and procedures

Review applicable PCI policies and procedures.


Contact us with additional questions regarding PCI.