Overview
Any University unit that collects credit card information must have security controls in place that comply with the Payment Card Industry Data Security Standard ("PCI"). These security controls include:
-
Must be protected behind an Enterprise Network Firewall.
-
Encrypt and protect cardholder data when either stored or transmitted.
-
Identify and protect systems from security vulnerabilities.
-
Implement strong access control measures that restrict access to credit card data.
-
Monitor and test networks to ensure the integrity and confidentiality of credit card data is maintained.
- Maintain an information security policy that addresses security controls and procedures.
If you have questions about complying with PCI, please call the Technology Help Desk at 412-624-HELP (4357).