OUHSC Information Technology Department



Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS Version 3.1 was released in April 2015 and is the version we will measure our compliance against.

The PCI DSS is a set of comprehensive requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which is made up of the major card brands: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

Although this is a self-regulated requirement, the card brands can impose monetary penalties and revoke a merchant's ability to accept cards.

For additional information regarding the PCI Data Security Standard (PCI DSS), please refer to the following: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.

Only products approved by the Bursar and Information Security Services are authorized to be used for processing credit card transactions and only when utilizing a merchant account from the approved merchant provider.

Details on how to request a merchant account can be found at the following link:

How to Accept Credit Cards

 

For questions:  acceptcreditcards@ouhsc.edu

Approved Merchant Provider: First Data

Approved merchant products (may not be complete list):

Touchnet MarketPlace
PayEezy (GGe4) - Cloud-based terminal solution that also supports recurring billing of both fixed and variable amounts
First Data FD130
First Data FD35 Pin Pad with EMV
First Data FD410 Wireless
IDTech M130 (for Centricity Business Payment locations)

Merchant Compliance

All merchants are required to be compliant with all PCI requirements. As part of these requirements, each merchant is required to complete the appropriate Self-Assessment Questionnaire (SAQ) annually. These are to be submitted to Information Security Services. A guide to assist in determining the appropriate SAQ and supporting documentation are below.

Supporting documents:

University of Oklahoma Policy

OUHSC Standard

PCI DSS

PCI DSS Glossary

Understanding_SAQs

Skimming Prevention At-a-Glance

Skimming Prevention Best Practices

Please submit any questions regarding PCI or the annual SAQ to: Information Security Services