PCI DSS Compliance
What Is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards for safeguarding the privacy and security of payment card (debit and credit card) information. All departments on campus that handle payment cards must comply with the PCI DSS.
Why is PCI DSS Important?
Payment cards are essential for conducting the College’s business. They allow our students and their families to conveniently pay tuition, fees, and charges associated with other services. Payment cards also allow us to conduct business efficiently, effectively, and support an environment of strong internal controls. Payment cards are so common today that it is difficult to imagine operating without them!
Yet there are risks that come with handling payment cards. Payment card information can be stolen, leading to fraud and identity theft. Data breaches can pose significant financial and reputational risks to the College and undermine our community’s trust in our institution. Recognizing these risks, a group of leading payment card brands developed PCI DSS to establish minimal requirements for protecting payment card information.
Compliance with PCI DSS is important because it is our responsibility to safeguard the privacy and security of payment card information entrusted to us.
About the PCI DSS Program at SUNY Plattsburgh
The PCI DSS Compliance Committee is responsible for developing, implementing, monitoring, and evaluating a comprehensive and coherent PCI DSS compliance program and coordinating overall institutional efforts. The committee does so by developing training materials, conducting educational programs, advising campus merchants on best practices, and evaluating practices to minimize risks.
As part of these activities, the PCI DSS Compliance Committee has developed these programs to assist our community in better understanding and complying with the PCI DSS.
Learn more about the College’s PCI DSS Program
PCI DSS Compliance Committee
The Role of the PCI DSS Compliance Committee
At SUNY Plattsburgh, the PCI DSS Compliance Committee is responsible for coordinating institutional PCI DSS efforts to safeguard the privacy of cardholder information and to protect the College’s reputation. Specifically, this committee is charged with developing, implementing, monitoring, and evaluating a comprehensive and coherent PCI DSS compliance program.
The Committee acts under the authority of the Vice President for Administration.
Who Is on the PCI DSS Compliance Committee?
The PCI DSS Compliance Committee consists of representatives having knowledge of payment card merchant compliance, information systems technical skills, expertise in information security, eCommerce responsibilities, and knowledge of university and college policies.
This committee is chaired by the Associate Director of Student Financial Services and is comprised of one member from each of the following departments:
- Internal Control
- Information Security
- College Auxiliary Services
- Network Operations
- Management Services
- At least one campus merchant
The PCI DSS Compliance Committee also works closely with a Qualified Security Assessor (QSA) from CampusGuard.
What Does the PCI DSS Compliance Committee Do?
The PCI DSS Compliance Committee meets monthly and leads institutional PCI DSS Compliance efforts. Examples of these efforts include:
- Training campus merchants, IT specialists, and senior leadership.
- Providing compliance reviews for merchants.
- Developing forms, policies, and procedures.
- Empowering merchants by providing guidance and resources.
Each year the PCI DSS Compliance Committee coordinates and hosts a two-day, on-site visit from CampusGuard’s QSA to assess the College’s current compliance with PCI DSS Standards. This assessment guides institutional compliance efforts for the year.