The Payment Card Industry (PCI) Data Security Standard

The credit card industry has implemented the Cardholder Information Security Program to protect it's customers, and CISP compliance is required of all merchants and service providers that store, process, or transmit cardholder data. PCI is designed to safeguard sensitive data for all card brands. This Standard is a collaborative result between Visa, MasterCard, and other card companies, and is designed to create common industry security requirements.

ALL Duke credit card merchants must comply with the PCI standards for ensuring the security of cardholder data processed by Duke under their merchant id. Duke University’s Treasury and Cash Management Office and IT Security Office have developed supporting materials to assist departments in understanding Duke’s interpretation of the PCI standards and Self-Assessment documentation and how the requirements apply in the Duke environments.

Duke PCI Documentation and Supporting Links:

• Electronic Commerce at Duke: Compliance & Regulatory Information
• Visa's Operations & Risk Management Website
• CLICK HERE to report a credit card security problem. > Please reference your department name and related details to ensure the proper escalation.

Departments interested in accepting credit cards or in establishing an e-commerce presence should contact ecommerce@duke.edu, for assistance in taking steps to protect sensitive credit card data. Duke University's requires all merchants to complete annual self-assessments.