PCI

Payment Card Industry Data Security Standard (PCI DSS)

The PCI DSS is a set of comprehensive requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which is made up of the major card brands like American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International.

Although this is a self-regulated requirement, the card brands can enforce monetary penalties and the removal of merchants being able to accept cards.

For additional information regarding the PCI Data Security Standard (PCI DSS), please refer to the following: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.

PCI DSS Version 3.2.1 was released May 2018 and is the version we will measure our compliance against.

Leadership and oversight of compliance with the PCI DSS for OUHSC and its Tulsa campus counterparts is charged to the PCI Governance Group.

The PCI Governance Group is part of the OUHSC Information Security Review Board and its charter can be found here: PCI Governance Group Charter

Only products approved by the Bursar and IT Governance Risk and Compliance (IT GRC) are authorized to be used for processing credit card transactions and only when utilizing a merchant account from the approved merchant provider.

Details on how to request a merchant account can be found at the following link:

How to Accept Credit Cards

For questions: acceptcreditcards@ouhsc.edu

Approved Merchant Provider: First Data

Approved merchant products (may not be complete list):

Touchnet MarketPlace

PayEezy - Cloud based terminal solution that provides the additional capability of recurring billing of both fixed and variable amounts

First Data FD130

First Data FD35 Pin Pad with EMV

First Data FD410 Wireless

IDTech M130 (for Centricity Business Payment locations)

Clover Go