EDUCAUSE | PCI DSS

The Data Center Within a Data Center: Building a Secure Environment for Compliance

drupal — Mon, 07 Jul 2008 17:14:12 -0500

PCI compliance can be daunting, particularly in a university network environment. Notre Dame chose a data center within a data center approach to simplify compliance and minimize integration issues. This project includes implementing the data center, a virtual network to support point-of-sale devices, and related operational procedures.

PCI DSS Lessons Learned

drupal — Wed, 14 May 2008 10:48:29 -0500

Penn State University formed the Information Privacy and Security (IPAS) Project to tackle PCI DSS compliance obligations and other security concerns related to the protection of personally identifiable information. This presentation will cover the PCI DSS challenges IPAS faced when working with 23 campus locations and 52 merchant segments.

Navigating the Regulatory Maze: Notre Dame’s PCI Solution

drupal — Tue, 25 Mar 2008 10:29:56 -0500

Payment Card Industry (PCI) compliance can be daunting, particularly in institutions of higher education with a variety of complex commerce activities. In this presentation, you’ll learn how Notre Dame tackled PCI DSS. We chose a network within a network approach to simplify compliance through isolation and minimize integration issues.

Straight Talk About Data Security

ckeller — Wed, 02 Jan 2008 10:35:29 -0600

"If you accept payment cards on campus, you need to comply with a standard designed for safe handling of sensitive consumer information. Indiana University’s compliance plans offer some guidance."

PCI Confusion Is The Norm

ckeller — Fri, 07 Dec 2007 10:50:43 -0600

With all of the concern today about retailers inadequately protecting their credit card data, it's logical to assume that retail IT managers would have made themselves quite familiar with the ins-and-outs of the Payment Card Industry Data Security Standard (PCI DSS).

PCI Compliance in the University Setting

drupal — Fri, 02 Nov 2007 16:56:47 -0500

In 2004, Visa and MasterCard collaboratively developed the Payment Card Industry Data Security Standard (PCI DSS) to create common industry security requirements. This session will share the campus perspectives and approaches of Washington State University and the University of Washington in addressing the standard.

Secure Data Exchange

drupal — Tue, 30 Oct 2007 13:42:31 -0500

How do you know that your data exchange is secure? Our campuses exchange data daily, much of it critical and confidential. Is your banking relationship supporting secure data exchange? How secure are your retirement file feeds? Can anyone on campus initiate data exchange? If so, are they trained to make the exchange secure? Discuss challenges and solutions for making data exchanges secure.

Tackling Campus-Wide E-Commerce

drupal — Tue, 30 Oct 2007 13:42:37 -0500

Payment card industry (PCI) standards dictate effective management of credit card systems across the organization. The University of Richmond will discuss its development of a centralized e-commerce policy and oversight group, choosing appropriate vendor solutions, and achieving PCI compliance campus-wide.

EDUCAUSE LIVE! Podcast: Lessons Learned on the Road to PCI Compliance

gbayne — Wed, 12 Sep 2007 12:38:42 -0500

In this E-LIVE podcast, your host, Steve Worona, is be joined by two guests for the topic "Lessons Learned on the Road to PCI Compliance." His guests include:

Mark Welch, Project Coordinator of the Credit Card Support Program at the Office of Business Operations for the University of Notre Dame.

Walt Conway, President of Walter Conway Associates, LLC

Many of us are working within our institutions to achieve Payment Card Industry (PCI) compliance. We see a number of merchants on campuses with different business needs, systems, and vendor relationships in place. In many cases, achieving compliance with PCI DSS, the Data Security Standard, is proving difficult.

The presenters will share experiences and valuable lessons learned in implementing PCI DSS, including merchant levels (does it matter?), limiting the scope of the PCI effort (yes, it can be done), the Payment Applications Best Practices list (is it required?), and recent findings on information security breaches.

Welch and Conway will represent NACUBO and all of higher education at the first PCI Security Standards Council meeting of participating organizations to be held in Toronto next month. Bring your questions, suggestions, and observations to share with them in advance of that meeting.

Please click on the topic link to view the slides associated with this presentation.

Lessons Learned on the Road to PCI Compliance

ckeller — Wed, 05 Sep 2007 08:47:54 -0500