Payment Card Industry Data Security Standards
The Payment Card Industry Security Standards Council (PCI SSC) sets the standards for processing credit card transactions for its member corporations. Cards represented by its members include Visa, MasterCard, American Express, Discover and JCB International. The standard is the Payment Card Industry Data Security Standards (PCI DSS), which is an extensive set of standards that all merchants must follow in conducting credit card transactions.
Samford University began implementing solutions to become PCI DSS compliant in 2009 when it moved online tuition payment processing systems offsite to a company dedicated to credit card processing for higher education. In 2011 the university formed a PCI Compliance Working Group and engaged an outside firm specializing in PCI compliance. A qualified security assessor was part of the engagement and has aided Samford University in its progress toward PCI compliance in all its credit card processing activities.
The PCI Compliance Working Group is a body that is called into session as needed. The group reviews PCI DSS changes, policy and process changes, and considers major changes in operations, major new products or technologies, and how they may affect compliance status of the university. This group originally met regularly, until compliance was reached and now meets only when called for. The group is intended to directly engage with departments of the university who take or want to take credit cards to assure that operations are PCI compliant, that personnel are trained and that necessary controls are in place to assure reliability of transactions and protection of our customers.