PCI DSS

PCI compliance can be daunting, particularly in a university network environment. Notre Dame chose a data center within a data center approach to simplify compliance and minimize integration issues. This project includes implementing the data center, a virtual network to support point-of-sale devices, and related operational procedures.

Penn State University formed the Information Privacy and Security (IPAS) Project to tackle PCI DSS compliance obligations and other security concerns related to the protection of personally identifiable information. This presentation will cover the PCI DSS challenges IPAS faced when working with 23 campus locations and 52 merchant segments.

Payment Card Industry (PCI) compliance can be daunting, particularly in institutions of higher education with a variety of complex commerce activities. In this presentation, you’ll learn how Notre Dame tackled PCI DSS. We chose a network within a network approach to simplify compliance through isolation and minimize integration issues.

"If you accept payment cards on campus, you need to comply with a standard designed for safe handling of sensitive consumer information. Indiana University’s compliance plans offer some guidance."

With all of the concern today about retailers inadequately protecting their credit card data, it's logical to assume that retail IT managers would have made themselves quite familiar with the ins-and-outs of the Payment Card Industry Data Security Standard (PCI DSS).

In 2004, Visa and MasterCard collaboratively developed the Payment Card Industry Data Security Standard (PCI DSS) to create common industry security requirements. This session will share the campus perspectives and approaches of Washington State University and the University of Washington in addressing the standard.

How do you know that your data exchange is secure? Our campuses exchange data daily, much of it critical and confidential. Is your banking relationship supporting secure data exchange? How secure are your retirement file feeds? Can anyone on campus initiate data exchange? If so, are they trained to make the exchange secure? Discuss challenges and solutions for making data exchanges secure.

Payment card industry (PCI) standards dictate effective management of credit card systems across the organization. The University of Richmond will discuss its development of a centralized e-commerce policy and oversight group, choosing appropriate vendor solutions, and achieving PCI compliance campus-wide.

Many of us are working within our institutions to achieve Payment Card Industry (PCI) compliance. We see a number of merchants on campuses with different business needs, systems, and vendor relationships in place. In many cases, achieving compliance with PCI DSS, the Data Security Standard, is proving difficult.

The presenters will share experiences and valuable lessons learned in implementing PCI DSS, including merchant levels (does it matter?), limiting the scope of the PCI effort (yes, it can be done), the Payment Applications Best Practices list (is it required?), and recent findings on information security breaches.

Welch and Conway will represent NACUBO and all of higher education at the first PCI Security Standards Council meeting of participating organizations to be held in Toronto next month. Bring your questions, suggestions, and observations to share with them in advance of that meeting.