PCI Compliance

The Payment Card Industry (PCI) Data Security Standard (DSS) is a comprehensive set of technical requirements and testing methods designed to ensure the secure handling of sensitive information. Initially developed to unify the security programs of MasterCard and Visa, it was later adopted by other major card networks. In 2006, the PCI Security Standards Council was established to oversee these security standards, with founding members including American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International.

According to the Council, the PCI DSS is a detailed security standard encompassing requirements for security management, policies, procedures, network architecture, software design, and other essential protective measures.

In practical terms, the PCI DSS consists of 12 broad requirements organized into six key areas: building and maintaining a secure network, protecting cardholder data, managing vulnerabilities, implementing strong access controls, regularly monitoring and testing networks, and maintaining an information security policy.

There are two things to understand about PCI DSS:

  1. These standards are not optional — acceptance of payment cards anywhere on campus makes us subject to the standards.
  2. There can be significant financial costs to non-compliance.
