text only
SIUE Wordmark
Future Students | Current Students | Faculty & Staff | Alumni | Business Partners | Parents | Community | Veterans
ADMISSIONS
ACADEMICS & LIBRARY
RESEARCH
EVENTS
GIVING
ATHLETICS
MAPS & DIRECTIONS
NEWS
ABOUT SIUE
Apply
Contact SIUE
Office of the Bursar
Institutional Header
Payment Due Date
Contact Us
Cougarnet
You are here: Office of the Bursar:
Search the Bursar's Web Site
Google
Bursar Services
Address Changes
Contact Us
College Illinois
Financial Agreement
Forms
FAQ Students
FAQ Third Parties
Installment Payment Plan
MBA and MMR Students
Payment Options
Refunds
Tax Information
Viewing Your Bill
Wire Transfer
Links of Interest
Financial Aid
Housing
Parking
Service Center
Textbook Services
Transcript Request
Tuition and Fees
More Information
Check Cashing on Campus
Bank Returned Checks
Illinois Tuition Subsidy
Late Registration
Loan Cancellation
School of Dental Medicine
Student to Student Grant Fee
Voter Registration
Withdrawal

Office of the Bursar

Credit Card Security

The University has established the SIU PCI DSS Information security Policy in order to protect personal cardholder information.  Click here to review SIU Policy.

University staff members involved with credit card processing must complete annual security awareness training.  Contact Dawn Sparks, dsparks@siue.edu, to access the training through  Blackboard.

Credit card merchants must complete an annual Self-Assessment Questionnaire and schedule scans and penetration testing through TrustKeeper.  Contact Dawn Sparks, dsparks@siue.edu, if you have questions.

Frequently Asked Questions

1. What is PCI DSS?

Payment Card Industry Data Security Standards (PCI DSS) is the result of a collaboration of the major credit card associations to establish a single data security standard designed to protect sensitive cardholder information.  Any entity that stores, processes or transmits cardholder data (including credit and debit cards) must comply with PCI DSS requirements.

2. What are PCI DSS requirements?

PCI DSS requirements are defined by the Payment Card Industry Security Standards Council (PCI SSC).  Within the standards there are 12 basic requirements and over 180 specific tasks.  Visit the PCI SSC website at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.

3. Who has to comply with PCI DSS?

Any entity that stores, processes or transmits cardholder data (including credit and debit cards) must comply with PCI DSS requirements.

4. What can happen if I am not in compliance with PCI DSS?

  • Non-compliance can result in fines and remedial efforts that could easily exceed $1 million. Costs include fines, forensic exams, cardholder notifications, setup of a call center, credit monitoring and more costly compliance requirements.  The costs would be the responsibility of the merchant.
  • Fraud and identity theft are a risk to customers (students, faculty/staff and general public) if a department is non-compliant.
  • Breach of cardholder information can result in negative publicity and damage to SIU’s reputation.
  • Non-compliance can result in the loss of credit card and debit card acceptance privileges.

5. Who do I contact if I believe credit card information may have been compromised?

Contact Bursar’s Office Cathy Foland, cfoland@siue.edu, 618-650-3138 or Dawn Sparks, dsparks@siue.edu, 618-650-5273. Campus Police and Information Technology Services would also be involved in an investigation.

6. Who has to attend annual credit card security training?

Annual training is required for personnel processing credit cards in one of the following categories:

  • Has access to cardholder data
  • Fiscal officer of account in which credit card payments are credited and/or their delegate
  • Handles credit card payments as part of their regular job duties. Personnel who handle  credit card payments on a one time or temporary basis are recommended to attend training, but not required.  Personnel whose only contact with credit card information is to swipe cards through a credit card acceptance device, e.g., POS terminal, are not required to attend training.

7. What credit card information can I store?

If storage of cardholder information, electronic or hard copy is necessary, contact the Bursar’s Office to discuss acceptable storage methods.  When required for business purposes, the following information may be stored:

  • Primary Account Number (PAN)
  • Cardholder Name*
  • Service Code*
  • Expiration Date*

*Any of these elements stored in conjunction with the primary account number must be protected in accordance with PCI DSS requirements.

The following information may never be stored subsequent to authorization:

  • Full Magnetic Stripe
  • Card Validation Code (CVC2/CVV2)
  • PIN/PIN Block

8. How do I get approval to begin accepting credit card payments or to begin using a new credit card processing method?  (Such as accepting online payments at an SIUE website.)

Contact Bursar’s Office Cathy Foland, cfoland@siue.edu, 618-650-3138 or Dawn Sparks, dsparks@siue.edu, 618-650-5273.

9. I have a question not answered on this website.  Who should I contact?

Cathy Foland, cfoland@siue.edu, 618-650-3138

Dawn Sparks, dsparks@siue.edu, 618-650-5273

The 'e'

© 2013 SIUE, Edwardsville, IL | Consumer Disclosures | Privacy Policy | Legal Notices | Equal Opportunity Employer | Employment | Emergency Notification | my siueWebmail Blackboard Cougarnet