PCI COMPLIANCE FAQ
What is PCI Compliance?
PCI compliance is the process of demonstrating alignment and conformance with the Payment Card Industry Data Security Standards.
When does PCI Compliance Apply?
PCI compliance is required anytime a credit card number is stored, processed, or transmitted. In essence, you can assume PCI standards apply any time credit cards are involved.
Why does a card processing solution have to demonstrate and maintain compliance?
Maintaining payment security is required for all entities that store, process or transmit cardholder data. Oakland University must attest compliance with PCI standards annually and when changes to the environment, such as new solutions, are made. Failure to comply with PCI standards can result in fines and/or the inability for the University to accept payment by credit card.
When I'm selecting a solution that accepts, stores, processes, or transmits cardholder data, what do I put in the Request for Proposal or look for in the software agreement?
The awarded Vendor is required to provide their own payment card processing and network connection, and accept the University’s PCI Compliance contract language. The Vendor must also supply all of their own network connectivity, from ISP to port level, to test equipment, if needed. Compliance with Payment Card Industry Data Security Standards (https://www.pcisecuritystandards.org/) is required for Service Provider solutions that involve payment card processing. The awarded Vendor is required to periodically demonstrate compliance with the Payment Card Industry Data Security Standard, “PCI DSS”, and will achieve and maintain PCI DSS compliance against the current version of PCI DSS published on the PCI Security Standards Council “PCI SSC” website. The Vendor will create and maintain reasonably detailed, complete and accurate documentation describing the systems, processes, network segments, security controls, and dataflow used to receive, transmit, store and secure their cardholder data (CHD). Such documentation will conform to the most current version of PCI DSS. Refer to Exhibit C.