|OUHSC Information Technology Department|
Payment Card Industry Data Security Standard (PCI DSS)
The PCI DSS is a set of comprehensive requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which is made up of the major card brands like American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International.
Although this is a self-regulated requirement, the card brands can enforce monetary penalties and the removal of merchants being able to accept cards.
For additional information regarding the PCI Data Security Standard (PCI DSS), please refer to the following: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.
PCI DSS Version 3.2.1 was released May 2018 and is the version we will measure our compliance against.
Leadership and oversight of compliance with the PCI DSS for OUHSC and its Tulsa campus counterparts is charged to the PCI Governance Group.
The PCI Governance Group is part of the OUHSC Information Security Review Board and its charter can be found here: PCI Governance Group Charter
Only products approved by the Bursar and IT Governance Risk and Compliance (IT GRC) are authorized to be used for processing credit card transactions and only when utilizing a merchant account from the approved merchant provider.
Details on how to request a merchant account can be found at the following link:
For questions: firstname.lastname@example.org
Approved Merchant Provider: First Data
Approved merchant products (may not be complete list):
The PCI Governance Group has approved the OUHSC Escalation Process for PCI Non-Compliance for issues of non-compliance.
Instances of non-compliance with OUHSC PCI policy and standards will be presented to the PCI Governance Group in accordance with this process.
Please submit any questions to : IT GRC
|Copyright © 2006 The Board of Regents of the University of Oklahoma, All Rights Reserved.- Disclaimer | Copyright|