Pop quiz: what do you get when you combine the syllables “PCI DSS” with “3.0”?
Answer: Frowns on the faces of every (fellow) university treasurer and security officer across America.
On a serious note, the latest version of payment card industry data security standards (PCI DSS) may seem daunting for campus professionals at first glance. However, with proper tools and guidance, it can be simplified and even leveraged into campus-wide best practices. Follow along as we demonstrate the merits of creating a concise PCI compliance guide at your university, and then show you how to do it yourself.
Do your homework (it is mandatory)
Tracing back, PCI was given birth by the card brand consortium of AmEx, Discover, JCB, Mastercard, and Visa in an effort to standardize data security measures globally. Ultimately, the goal has always been to protect cardholder data, but the focus in the 3.0 version has shifted from merchants and vendors to financial institutions and higher education. Although it may seem particularly vindictive towards universities, the increased scrutiny reflects the reality of today’s payments ecosystem, one in which universities are being singled out by hackers.
The good news is, all elements of the PCI are best practices that your university would be much better off with anyways. It’s also especially familiar and well-anticipated by payment processing experts (like us!). We know that you’ve done everything you can to stay secure and compliant. At the end of the day, it all boils down to a single pain point: decentralization. How can you keep all payment avenues, from the bursar’s office to the football stadium, up-to-date with secure, convenient, PCI-compliant processing solutions? Enter the campus-wide PCI compliance guide.
Follow the syllabus and you’ll get an A
Remember the first week of classes, when you do virtually nothing but review a syllabus? Retrospectively, that magical piece of paper ensured that every “stakeholder” in class was tracking with due dates and responsibilities, as well as understanding the resources in their inventory to complete the assigned tasks.
How is a campus-wide PCI compliance policy any different? By outlining departmental duties and assigning roles, everyone can be made accountable. The burden is quickly shifted from an individual person or group to a network of empowered individuals. Not only is PCI compliance managed on a continuous basis, but time and labor resources are saved month after month.
The year-end group project
If you’ve been following us for a while now, you know that we’re eager to help colleges and universities with their payment processing needs. It’s because we seriously and sincerely admire what they do. That’s why we believe that you shouldn’t have to shoulder the complexities of PCI compliance, P2PE processing, advanced reconciliation, and more, alone.
Contact us to learn how we can work together to transform payments at your university with industry-leading technologies: