E-Commerce

PCI compliance can be daunting, particularly in a university network environment. Notre Dame chose a data center within a data center approach to simplify compliance and minimize integration issues. This project includes implementing the data center, a virtual network to support point-of-sale devices, and related operational procedures.

"If you accept payment cards on campus, you need to comply with a standard designed for safe handling of sensitive consumer information. Indiana University’s compliance plans offer some guidance."

With all of the concern today about retailers inadequately protecting their credit card data, it's logical to assume that retail IT managers would have made themselves quite familiar with the ins-and-outs of the Payment Card Industry Data Security Standard (PCI DSS).

WSU has developed a central solution to allow departments to accept online payments from their Web sites without having to accept credit card information. A central payment site allows departmental sites to use the centrally maintained site for payments, while still keeping the look and feel of their own sites.

Payment card industry (PCI) standards dictate effective management of credit card systems across the organization. The University of Richmond will discuss its development of a centralized e-commerce policy and oversight group, choosing appropriate vendor solutions, and achieving PCI compliance campus-wide.

Many of us are working within our institutions to achieve Payment Card Industry (PCI) compliance. We see a number of merchants on campuses with different business needs, systems, and vendor relationships in place. In many cases, achieving compliance with PCI DSS, the Data Security Standard, is proving difficult.

The presenters will share experiences and valuable lessons learned in implementing PCI DSS, including merchant levels (does it matter?), limiting the scope of the PCI effort (yes, it can be done), the Payment Applications Best Practices list (is it required?), and recent findings on information security breaches.

Welch and Conway will represent NACUBO and all of higher education at the first PCI Security Standards Council meeting of participating organizations to be held in Toronto next month. Bring your questions, suggestions, and observations to share with them in advance of that meeting.

The author gives an overview of the six PCI DSS main compliance categories and twelve major requirements for merchant to be deemed compliant.

Oakland University is subject to rules, regulations, and contractual provisions regarding the handling of Bankcards and Cardholder Information, as those terms are defined in this document.  This Policy provides mandatory security measures and procedures for University departments accepting Bankcards for payment.

This submission provides basic information important for universities that sell products or services online and collect fees via credit card. The approach is meant to help institutions of higher education get started in assessing their responsibilities with regard to cardholder data that they may process or otherwise come in contact with, and help institutions determine whether there are regulatory obligations, what those obligations are, and some steps to take to help meet those obligations.