PCI is an acronym referring to the Payment Card Industry Data Security Standard (PCI-DSS). It is a common standard adopted by credit card companies such as Visa and MasterCard to ensure the safe handling of sensitive payment card information.
Why do I or my departments need to care about PCI?
PCI is important to you if you or your department takes credit cards on behalf of the college to conduct financial transactions. In order to collect credit card information our credit card systems and processes need to meet the requirements established in the PCI-DSS.
If we do not choose compliant payment card solutions or mishandle credit card information we are introducing serious risk to the College. Penalties for not being compliant with PCI-DSS can result in fees to the institution or losing the right to process credit cards altogether.
How can Calvin College reduce its risk exposure when collecting credit card information?
We can reduce risk to the College by making sure departments are aware of how to appropriately handle credit cards. At minimum the College needs to meet the standards and requirements found in the PCI-DSS.
Secondly, departments should collaborate with the best partners in our industry for payment card solutions that meet the appropriate PCI standards.
Finally, a significant portion of payment card risk can be reduced by establishing relationships with vendors that outsource the credit card processing operation from Calvin’s campus networks. The burden of meeting a large portion of the PCI-DSS requirements is borne by another entity who has expertise in this area.
Who do I talk to about PCI and being compliant in my department?
Financial Services is responsible for overseeing the payment card process for the College. They should be consulted prior to establishing credit card services or for any merchant account questions.
Information Technology is your partner in selecting and implementing secure and compliant credit card software systems for your department. IT should be engaged early in the vendor selection process to provide systems and security expertise.