Differences between revisions 5 and 6
Revision 5 as of 2017-11-01 09:59:48
Size: 2358
Editor: bolton
Comment:
Revision 6 as of 2017-11-01 10:16:31
Size: 2536
Editor: bolton
Comment:
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
PCI compliance is the process of demonstrating alignment and conformance with the Payment Card Industry Data Security Standards. The Payment Card Industry Data Security Standard (PCI DSS) is a global standard created to help organizations accept credit cards in a manner the helps prevent fraud. PCI compliance is the process of demonstrating alignment and conformance to PCI-DSS.

More information on PCI is avaible from the PCI Security Standards Council's website at https://www.pcisecuritystandards.org/
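Review bot: the added first sentence of the new Line 9 has two typos that will be published as-is: "in a manner the helps prevent fraud" should read "that helps", and "avaible" in the new "More information" line should be "available". The same paragraph also spells the standard both "PCI DSS" and "PCI-DSS"; use one form (the PCI SSC's own spelling is "PCI DSS").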
Line 13: Line 15:
PCI compliance is required anytime a credit card number is stored, processed, or transmitted. In essence, you can assume PCI standard apply any time credit cards are involved. PCI compliance is required anytime a credit card number is stored, processed, or transmitted. In essence, you can assume PCI standards will apply any time a credit card is involved.
Line 17: Line 19:
Maintaining payment security is required for all entities that store, process or transmit cardholder data. Oakland University must attest compliance with PCI standards annually and when changes to the environment, such as new solutions, are made. Failure to comply with PCI standards can result in fines and/or the inability for the University to accept payment by credit card. Maintaining payment security is required for all entities use credit cards. Oakland University must attest to compliance with current PCI standards annually and when new solutions that accept credit card payments are introduced.  Failure to comply with PCI standards can result in fines and/or the inability for the University to accept credit card payments.
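Review bot: the rewritten opening sentence "Maintaining payment security is required for all entities use credit cards" is missing "that", and the rewrite narrows the scope in two places. The deleted text tied the requirement to entities that "store, process or transmit cardholder data" (the actual PCI DSS scope, and the wording the "When does PCI Compliance Apply?" answer still uses) and required attestation "when changes to the environment, such as new solutions, are made"; the new text only mentions new solutions. Changes to an existing cardholder data environment also trigger reassessment, so suggest keeping "all entities that store, process or transmit cardholder data" and "annually and when changes to the environment, such as new solutions, are made".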
Line 22: Line 24:



=== Example ===
{{{
xxx
}}}
=== Display ===
xxx
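Review bot: the "Example" and "Display" sections under Line 22/Line 24 still carry the "xxx" placeholders from the page template; fill them in or drop both headings before this revision is published.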

PCI COMPLIANCE FAQ

What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a global standard created to help organizations accept credit cards in a manner that helps prevent fraud. PCI compliance is the process of demonstrating alignment and conformance to PCI DSS.

More information on PCI DSS is available from the PCI Security Standards Council's website at https://www.pcisecuritystandards.org/

When does PCI Compliance Apply?

PCI compliance is required any time cardholder data, such as a credit card number, is stored, processed, or transmitted. In essence, you can assume PCI standards will apply any time a credit card is involved.

Why does a card processing solution have to demonstrate and maintain compliance?

Maintaining payment security is required for all entities that store, process or transmit cardholder data. Oakland University must attest to compliance with the current PCI standards annually, and again whenever the card-processing environment changes, such as when a new solution that accepts credit card payments is introduced. Failure to comply with PCI standards can result in fines and/or the inability for the University to accept credit card payments.

When I'm selecting a solution that accepts, stores, processes, or transmits cardholder data, what do I put in the Request for Proposal or look for in the software agreement?

The awarded Vendor is required to provide their own payment card processing and network connection, and to accept the University's PCI Compliance contract language. The Vendor must also supply all of their own network connectivity, from ISP to port level, to test equipment, if needed.

Compliance with Payment Card Industry Data Security Standards (https://www.pcisecuritystandards.org/)

Required for Service Provider solutions that involve payment card processing. The awarded Vendor is required to periodically demonstrate compliance with the Payment Card Industry Data Security Standard ("PCI DSS"), and will achieve and maintain PCI DSS compliance against the current version of PCI DSS published on the PCI Security Standards Council ("PCI SSC") website. The Vendor will create and maintain reasonably detailed, complete and accurate documentation describing the systems, processes, network segments, security controls, and dataflow used to receive, transmit, store and secure cardholder data ("CHD"). Such documentation will conform to the most current version of PCI DSS. Refer to Exhibit C.