News

UK Travel Policy, E-5-1, and related reimbursement form have both been revised. Form BPM E-5-1 (PDF)

The Accounts Payable department will resume teaching travel classes with the first one scheduled on February 17. The classes will cover both the policy and use of the form. Registration is through the myUK portal.

The Office of the Treasurer has University-wide responsibilities for the treasury, investments, banking services, payroll, purchasing, accounts payable, long-term debt, property records and risk management functions, for accounting and preparation of internal and external financial reports including the general purpose financial statements, and the coordination and oversight of the external (independent) audits.

photo of Angie Martin
Angela S. Martin
Vice President of Financial Operations and Treasurer
(859) 257-9830

Securing Financial Information

Payment Card Industry Data Security Standards (PCI DSS) is about our obligation to protect sensitive financial information, such as credit card data, of the University's customers read more »

PCI DSS and UK

We have an obligation to protect sensitive financial information, such as credit card data, of the University's customers. That is what PCI DSS is about.

The payment card industry, which includes VISA, MasterCard, American Express, Discover, and JBL, has issued new security standards to which all organizations that accept credit card data must comply. These new standards are called Payment Card Industry Data Security Standards, or PCI DSS. These standards have placed additional responsibilities on your department in connection with the acceptance of payment cards. Without compliance, the card industry may refuse to allow you to process credit cards or issue fees and fines for noncompliance. Therefore, every UK office that accepts credit cards must become PCI DSS compliant.

Credit card breaches happen proportionately more in higher education due in part to decentralized processing systems and open networks. Departments may think of PCI compliance as an Information Technology or Treasury issue, when in reality it is the responsibility of every department that accepts credit cards.

When a university implements a PCI compliance plan it not only protects itself, but also its students and employees. The Office of the Treasurer is coordinating a PCI compliance program to assess UK's compliance with the PCI standards, to educate University administrators, faculty, and staff on PCI, and to assist departments in the compliance process.

This website is designed to introduce you to this issue and give you an idea of what you can expect in the future. Thank you for educating yourself on this topic and for treating it with the respect it deserves.

— Kevin Sisler, Merchant Card Services Director

Links

To find out if your point of sale system or web payment processor is PCI DSS compliant, check these links:

List of Validated Payment Applications (PDF)
PCI DSS Compliant Service Providers (PDF)

Following are some useful links to learn more about the PCI DSS standards:

PCI Security Council
Straight Talk about Data Security, (PDF) by Walter Conway and Dennis Reedy, Business Officer, December 2007.
Cards at School, Why Banks View Campuses as High Risk Customers, (PDF) Dennis Reedy and Walter Conway, AEP Exchange, March 2007.
Boss, I think Someone Stole Our Customer Data, (PDF) Eric McNulty, Harvard Business Review, September 2007.
VISA
MasterCard
Discover
American Express

WARNING: Some Web sites to which these materials provide links for the convenience of users are not managed by the University of Kentucky. The University does not review, control, or take responsibility for the contents of those sites.