Payment Card Industry Data Security Standard (PCI DSS)

Background

The PCI Security Standards Council is a global forum for the industry to come together to develop, enhance, disseminate, and assist with the understanding of security standards for payment account security. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and VISA, Inc. The current PCI Standards include, among others, the following components:

PCI Data Security Standard (PCI DSS)
PCI PIN Transaction Security (PCI PTS)
Payment Application Data Security Standard (PA-DSS)
Point-to-Point Encryption (P2PE) Solutions

Overview

These security related standards were developed to secure all payment card information from unauthorized access and apply to all transactions surrounding the payment card industry and the merchants/organizations that accept these cards as forms of payment.

More information about the PCI DSS can be found at the PCI Security Standards Council website.

Requirements

The PCI consists of well over 300 controls that are broken down into the following requirements:

The following requirements stand out, particularly as they apply to UF staff and departments:

“Educate personnel upon hire and at least annually.” To satisfy this requirement, Merchant Services and UFHR Training and Organizational Development offer the online training course TRM125: Payment Card Security Awareness Training

The above training includes a Credit Card Security Ethics Certification to document their understanding of and willingness to comply with all University payment card security policies, directives, procedures and the PCI DSS. This requirement also applies in the case where a UF department outsources credit card payments to a third party vendor.