Payment Card Industry Data Security Standards
The Payment Card Industry Security Standards Council (PCI SSC) sets the standards for processing credit card transactions for its member corporations. Cards represented by its members include Visa, MasterCard, American Express, Discover, and JCB International. The standard is the Payment Card Industry Data Security Standards (PCI DSS). PCI DSS is an extensive set of standards that all merchants must follow in conducting credit card transactions.
Samford University began implementing solutions to become PCI DSS compliant in 2009 when it moved online tuition payment processing systems offsite to a company dedicated to credit card processing for higher education. In 2011 the university formed a PCI Compliance Working Group and engaged an outside firm specializing in PCI compliance. A Qualified Security Assessor was part of the engagement and has aided Samford University in its progress toward PCI compliance in all its credit card processing activities.
The PCI Compliance Working Group is an ongoing body that reviews all new applications to take credit cards and oversees activities related to credit card processing for the university. This group meets regularly and is directly engaged with departments of the university who take or want to take credit cards to assure that operations are PCI compliant, that personnel are trained, and that necessary controls are in place to assure reliability of transactions and protection of our customers.