Payment Card Industry Data Security Standards (PCI DSS) Requirements

All departments that accept, process, store and transmit credit card data as payments to the university must be in compliance with the Payment Card Industry (PCI) Data Security Standards. The security standards apply to all types of payments including in-person, mail, telephone and web transactions.

To achieve compliance, all departments must implement the PCI DSS, which was designed to create common industry standards and provides a single approach to safeguarding confidential credit card account data. As explained in the Annual Self Assessment Procedures link below, departments must complete and return a Self-Assessment Questionnaire annually to the Vice President for Finance and Associate Treasurer, who is assigned specific responsibilities for overseeing compliance with PCI DSS. Departments must also have quarterly vulnerability scans performed on their networks.

If a department is not in compliance with the revised standard, PCI DSS 1.2, it must include a corrective action plan to rectify the areas of non-compliance.

Departments that want to begin accepting credit cards for goods or services at the University must be in compliance with PCI DSS v. 1.2 before they will receive approval from the Vice President for Finance and Associate Treasurer. The Office of Treasury Operations will not authorize credit card merchant account numbers until data security compliance is achieved and maintained.

Important PCI Program Information: