PCI DSS Compliance Program at USU

USU has created a Payment Card Industry Data Security Standard (PCI DSS) Compliance Program to help Merchants manage their compliance and to foster the adoption of best practice in cash handling and data security. 

What is PCI DSS?

PCI DSS is a set of requirements designed to ensure ALL merchants that process, store or transmit credit card information maintain a secure environment. PCI DSS includes technical and operational requirements for security management, policies, procedures, network architecture, software design and other critical protective measures to prevent credit card fraud, hacking and various other security vulnerabilities and threats.

The standards apply to all University Merchants, employees, vendors and organizations that store, process or transmit cardholder data on the University's behalf. See the Payment Card Industry Data Security Standards website for the full standard.


Who manages the PCI Compliance Program at USU?

USU has created a PCI Committee that oversees and coordinates PCI efforts. The PCI Committee reports to the Vice President of Business and Finance and is chaired by the PCI Compliance Officer. Other members of the committee include the Associate Vice President of Business and Finance, the Manager of Treasury Services, the Manager of IT Security and System Engineers, the Manager of IT Networks, the IT Security Representative who performs PCI penetration testing, and the IT representative of the Campus Store.

The PCI Committee also works closely and coordinates compliance efforts with the Controller's Office, Cash Handling Committee, USU Card Office, Risk Management, General Counsel, and the Chief Compliance Officer.

What version of PCI Data Security Standards is USU currently using?

Currently, USU is using PCI DSS version 3.2.1 security standards. All references within these web pages refer to this version and its respective requirements.

What are the risks associated with non-compliance to PCI DSS?

Failure to comply with the Payment Card Industry Data Security Standards can result in:

  • Large fines and fees assessed by Merchant Services and by each card brand (Visa, MasterCard, Discover, and American Express)
  • External audit costs
  • A loss of reputation and University brand damage
  • Additional costly, ongoing PCI DSS reporting requirements
  • Loss of payment card privileges for the University
  • Loss of customer trust and confidence


What are the Policies and Procedures relevant to PCI DSS?

USU Cash Handling Policy #530

USU Protecting Private Sensitive Information and Critical Institutional Data Policy #558

USU Computer Management Policy #551

USU Network Monitoring & Vulnerability Scanning Policy #555

USHE Information Security Policy R345