Credit Card Data Security Standards Got You Up at Night?
June 27, 2007
These resources can help you understand and comply with the data security standards that apply to organizations accepting credit card payments and processing such transactions.
The Payment Card Industry Data Security Standard (PCI DSS) includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
New standards for data security, the Payment Card Industry Data Security Standard, are showing promise for protecting payment cardholder information—a large area of data vulnerability for higher education institutions. The results from an online survey highlight common needs for implementing these rules, and illustrate different compliance approaches.
To the extent that colleges and universities accept credit card payments for tuition, fees, goods, or other services, they have contractual obligations to fulfill the data security standards established by the payment card industry. Some colleges and universities see the standards as a potential model for the handling of all types of sensitive institutional data; they’re exploring how to apply the standards to other types of information collected, stored, and distributed on campus networks.
The Payment Card Industry Data Security Standard (PCI DSS) serves as an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. Its mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards. NACUBO and the Treasury Institute recently partnered to join the Council, enabling higher education's voice to be heard when the Council reviews security standards and develops resources for organizations subject to those standards.
The Treasury Institute for Higher Education has been the focal point for helping colleges and universities become PCI DSS compliant, hosting two workshops for the higher education community. It has also published a whitepaper for higher education and a checklist of best practices, and it recently created a blog. Edited by two of NACUBO’s representatives on the PCI Security Standards Council, the blog features news and developments from the Council and gives you the opportunity to make comments and ask questions. Visit the blog frequently to ensure our representatives know what’s on your mind.
The EDUCAUSE/Internet2 Computer and Network Security Task Force has established a technical advisory group on PCI DSS that is coordinating its activities with the task force’s Effective IT Security Practices and Solutions Group. One of the blog’s editors is working closely with this advisory group.