PCI DSS and UK
We have an obligation to protect sensitive financial information, such as credit card data, of the University's customers. That is what PCI DSS is about.
The payment card industry, which includes VISA, MasterCard, American Express, Discover, and JCB, has issued new security standards with which all organizations that accept credit card data must comply. These standards are called the Payment Card Industry Data Security Standard, or PCI DSS. They place additional responsibilities on your department in connection with the acceptance of payment cards. Without compliance, the card industry may refuse to allow you to process credit cards, or may levy fees and fines for noncompliance. Therefore, every UK office that accepts credit cards must become PCI DSS compliant.
Credit card breaches happen proportionately more in higher education due in part to decentralized processing systems and open networks. Departments may think of PCI compliance as an Information Technology or Treasury issue, when in reality it is the responsibility of every department that accepts credit cards.
When a university implements a PCI compliance plan it not only protects itself, but also its students and employees. The Office of the Treasurer is coordinating a PCI compliance program to assess UK's compliance with the PCI standards, to educate University administrators, faculty, and staff on PCI, and to assist departments in the compliance process.
This website is designed to introduce you to this issue and give you an idea of what you can expect in the future. Thank you for educating yourself on this topic and for treating it with the respect it deserves.
— Kevin Sisler, Merchant Card Services Director
- PCI DSS Questions and Answers (PDF)
- PCI DSS Self-Assessment Questionnaire
- Procedures for Credit Card Merchants
To find out if your point of sale system or web payment processor is PCI DSS compliant, check these links:
Following are some useful links to learn more about the PCI DSS standards:
- PCI Security Council
- Straight Talk about Data Security (PDF), by Walter Conway and Dennis Reedy, Business Officer, December 2007.
- Cards at School: Why Banks View Campuses as High Risk Customers (PDF), by Dennis Reedy and Walter Conway, AEP Exchange, March 2007.
- Boss, I Think Someone Stole Our Customer Data (PDF), by Eric McNulty, Harvard Business Review, September 2007.
- American Express
WARNING: Some Web sites to which these materials provide links for the convenience of users are not managed by the University of Kentucky. The University does not review, control, or take responsibility for the contents of those sites.