Effective Date: August 31, 2009
Latest Revision: July 9, 2012
This policy sets requirements for the acceptance and processing of credit and debit cards (credit cards) and the secure storage of credit cardholder data.
Reasons for the Policy
The purpose of this policy is to document control procedures and requirements to ensure that cardholder data supplied to the University is secure and protected in accordance with University Policies and the Payment Card Industry Data Security Standards (PCI DSS).
Primary Guidance to Which This Policy Responds
E-Commerce: Electronic Protection of Credit Card Holder Information Policy and the Payment Card Industry Data Security Standard (PCI DSS).
Responsible University Office
The Office of the Treasurer
This policy was established in August 2009.
Latest Revision: July 9, 2012.
Who is Governed by this Policy
This policy applies to individuals, schools, departments, centers, institutes, and programs ("University Departments") that accept donations or sell goods, services, or information, and accept credit cards as a form of payment.
Who Should Know This Policy
All senior business officers, department administrators and financial and administrative staff whose businesses accept credit cards as a form of payment are required to know this policy.
Exclusions and Special Situations
For full policy text, please see link in right hand menu