E-Commerce
Payment Card Industry Data Security Standard (PCI DSS)
Last modified 3/28/2024
What is the PCI Data Security Standard?
PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with requirements for software developers and manufacturers of applications and devices used in those transactions. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB, MasterCard and Visa Inc.
The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you accept or process payment cards, PCI DSS applies to
Who is Responsible for PCI DSS Compliance?
University departments, affiliated units, employees, contractors, consultants, temporaries, and other workers are all responsible for the PCI compliance of the University. The E-Commerce Committee, the Comptroller's Office, and the Information Security Office guide the University's compliance, risk management, and "paperwork" related to compliance.
The PCI DSS
The most recent copy of the standard can be downloaded from this link PCI_DSS_v4-0.pdf.
If the download link does not work you can obtain the current PCI DSS standards from the PCI Security Standards Council document library.