PCI Compliance
PCI Security Standards and Requirements
The Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive set of requirements for enhancing payment account data security. Compliance with the standard is mandatory and the University must abide by these requirements to limit its liability and continue to process credit card payments.
New Jersey City University's preferred method for acceptance of credit card payments is through the centralized merchant contract. University standard web applications are in place as the preferred method for acceptance of online credit card payments. Any department that wishes to accept credit card payments using other methods must validate its compliance with the PCI DSS prior to gaining authorization from the Office of the Controller.
Departments not complying with this policy may lose the privilege to accept credit card payments. Additionally, fines may be imposed by the affected credit card company or the acquiring bank. Those in violation of this policy are subject to the full range of sanctions, including the loss of computer or network access privileges, disciplinary actions, suspension, termination of employment and legal action. Some violations may constitute criminal offenses under local, state, and federal laws. The University will carry out its responsibility to report such violations to the appropriate authorities.
References
- PCI Security Standards Council
- PCI Data Security Standard [pdf]
- PCI Self Assessment Questionnaire Instructions
- PCI Quick Reference Guide [pdf]
- NJCU Draft Policy - PCI DSS Information Security Policy [doc]
- NJCU Department of Information Technology