Governance and Compliance Requirements for Payment Card Activities

FIN-037

The University is committed to protecting cardholder data from loss or compromise. Consistent with that commitment, the University requires adherence to the Payment Card Industry Data Security Standards (PCI-DSS). In addition to protecting cardholder data, adherence to PCI-DSS reduces the likelihood of fines, penalties, and reputational damage to the University associated with data breaches.

The University’s adherence to the PCI-DSS is a contractual requirement. This policy identifies the administrative offices responsible for establishing business processes for University units that process, store, or transmit cardholder data. Cardholder data are “highly sensitive data” subject to the security requirements of University policy and must be protected in accordance with all related University policies, standards, and procedures in addition to the PCI-DSS.

[Note: The aligned policy for the Medical Center is 0335, Use of Payment Cards at the Medical Center.]

Applies To
Academic Division
The College at Wise
Approved On
Contact Office
University Payment Card Services
Keywords
Payment Card
Payment Card Activities
Cardholder Data
End User License Agreement
Merchant
Last Revised
Major Category
Finance and Business Operations
Oversight Executive
Vice President for Finance