Introduction
The Payment Card Industry Data Security Standard (PCI DSS) first came on the scene in 2005 as a set of comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
To the extent that colleges and universities accept credit card payments for tuition, fees, conference registrations, or other services, institutions of higher education will have contractual obligations to fulfill the data security standards established by the payment card industry. Some colleges and universities have begun to consider the standards as a potential model for the handling of all types of sensitive data at their institutions and are exploring the extension of the standards to other types of information collected, stored, and distributed on campus networks.
Background
The Treasury Institute for Higher Education has been the focal point for helping colleges and universities to become PCI DSS compliant, hosting several workshops for the higher education community. In partnership with the National Association of College and University Business Officers (NACUBO), the Treasury Institute represents the business and financial interests of institutions of higher education. Additionally, information security officers and other IT staff from colleges and universities have attended the workshops, and several institutions have been actively pursuing PCI DSS compliance for their institution. The Treasury Institute has also published a whitepaper for higher education and a checklist of best practices.
The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI Security Standards Council’s mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International.
For the latest PCI DSS news and information, visit the Treasury Institute's blog.
Updated October 2012
Latest News
PCI compliance, privacy, InCommon implementation, and legal issues in IT are just a few of the preconference seminar topics offered at the EDUCAUSE Annual Conference, November 6-9 in Denver....
Library Items on this Topic
EDUCAUSE Library Items for PCI DSS
-
Managing Risk and Compliance by Implementing DLP to Ensure Data Security
-
April 16, 2013
|
A session at the Security Professionals Conference
Did a university e-mail contain employee PII data? Did we just FTP a file that contains alumni PCI data? In this seminar, you will learn how Saint Louis University increased its ability to prevent …
-
IT Compliance Framework for Institutions of Higher Ed
-
April 16, 2013
|
A session at the Security Professionals Conference
Institutions of higher education are increasingly expected to comply with various regulatory requirements specifically focused at data privacy and protection. Sometimes there could be overlap in ef…
-
Leading the Way to PCI Compliance: It's All About Planning and Collaboration
-
May 17, 2012
|
A session at the Security Professionals Conference 2012
So, you were nominated to conduct a PCI (payment card industry) compliance review. PCI is more than a rigorous examination of technical controls—it's just as much about evaluating the variou…
-
Seminar 01P - How Tokenization and Point-to-Point Encryption Can Reduce Your School's PCI Scope (or Not)
-
May 15, 2012
|
A session at the Security Professionals Conference 2012
Two emerging technologies have the potential to reduce campus merchants' PCI scope while also reducing the risk of a damaging data breach: tokenization, the process whereby payment card data a…
-
Cornell University Accepting Credit Cards to Conduct University Business
-
February 10, 2011
This is Cornell University's policy on Accepting Credit Cards to Conduct University Business.
-
University of Minnesota Accepting Revenue Via Payment Cards
-
January 4, 2010
This is the University of Minnesota policy on Accepting Revenue Via Payment Cards.
-
University of Utah Policy on Payment Card Acceptance
-
August 23, 2009
This policy governs the acceptance of payment cards (e.g. Visa, MasterCard, American Express, and Discover) by the University of Utah.
-
KUMC Payment Card Acceptance Operational Protocol (PCI)
-
March 13, 2011
The University of Kansas Medical Center (KUMC) PCI DSS policy seeks to apply best security practices to protect against the exposure and possible theft of account and personal cardholder informa…
-
Reducing the Cost of PCI Compliance
-
October 20, 2011
|
A session at the EDUCAUSE 2011 Annual Conference
Credit card payments are prevalent throughout university campuses and websites. Achieving PCI compliance is aggravated by the scope-related complexities of a typical cyberinfrastructure. This ses…

















