Credit Card Security
The University has established the SIU PCI DSS Information Security Policy in order to protect personal cardholder information. Click here to review SIU Policy.
Credit card merchants must complete an annual Self-Assessment Questionnaire and schedule scans and penetration testing through TrustKeeper. Contact Dawn Sparks, firstname.lastname@example.org, if you have questions.
Frequently Asked Questions
1. What is PCI DSS?
Payment Card Industry Data Security Standards (PCI DSS) is the result of a collaboration of the major credit card associations to establish a single data security standard designed to protect sensitive cardholder information. Any entity that stores, processes or transmits cardholder data (including credit and debit cards) must comply with PCI DSS requirements.
2. What are PCI DSS requirements?
PCI DSS requirements are defined by the Payment Card Industry Security Standards Council (PCI SSC). Within the standards there are 12 basic requirements and over 180 specific tasks. Visit the PCI SSC website at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.
3. Who has to comply with PCI DSS?
Any entity that stores, processes or transmits cardholder data (including credit and debit cards) must comply with PCI DSS requirements.
4. What can happen if I am not in compliance with PCI DSS?
5. Who do I contact if I believe credit card information may have been compromised?
Contact the Bursar's Office, Cathy Foland, email@example.com, 618-650-3138, or Dawn Sparks, firstname.lastname@example.org, 618-650-5273. Campus Police and Information Technology Services would also be involved in an investigation.
6. Who has to attend annual credit card security training?
Annual training is required for personnel processing credit cards in one of the following categories:
7. What credit card information can I store?
If storage of cardholder information, electronic or hard copy, is necessary, contact the Bursar's Office to discuss acceptable storage methods. When required for business purposes, the following information may be stored:
*Any of these elements stored in conjunction with the primary account number must be protected in accordance with PCI DSS requirements.
The following information may never be stored subsequent to authorization:
8. How do I get approval to begin accepting credit card payments or to begin using a new credit card processing method? (Such as accepting online payments at an SIUE website.)
9. I have a question not answered on this website. Who should I contact?
Cathy Foland, email@example.com, 618-650-3138
Dawn Sparks, firstname.lastname@example.org, 618-650-5273