Payment Card Industry Data Security Standards
The PCI Security Standards Council was created by Visa, MasterCard, Discover, American Express and JCB to manage the credit card industry's security program. The Council created the Payment Card Industry Data Security Standard (PCI DSS) to protect cardholder data and to provide an actionable framework of security processes. This multifaceted security standard outlines requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. PCI DSS is a required standard for all organizations that store, process, or transmit credit card data.
These standards place additional responsibilities on your department in connection with your acceptance and/or protection of payment cards. Without compliance, the card industry may revoke merchant numbers and/or fine the university. USU submits a quarterly attestation of our PCI DSS compliance to our Merchant Service Providers.
12 PCI DSS Requirements
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
If you have any questions or feel you may have a compliance issue, please do not hesitate to contact Monica Trippler by phone at (435) 797-8410 or by email. Monica will be happy to meet with you and address any concerns you may have.