Overview
From PCI DSS Requirements and Security Assessments Procedures Ver 4.0.1:
The Payment Card Industry Data Security Standard (PCI DSS) establishes baseline security requirements for all entities that store, process, or transmit cardholder data (CHD) and sensitive authentication data (SAD). CHD includes the primary account number (PAN), and when present, the cardholder’s name, expiration date, and service code; SAD includes authentication elements such as full track data, card verification codes (e.g., CVV2), and PINs/PIN blocks, which must never be stored after authorization. PCI DSS applies to merchants, service providers, payment processors, acquirers, and any third party that can impact the security of CHD or SAD. The standard requires implementation of both administrative controls (such as documented policies, employee training, vendor oversight, and incident response procedures) and technical controls (such as encryption, access management, network monitoring, logging, and vulnerability management). Together, these requirements form a comprehensive framework to protect payment data, reduce the risk of compromise, and demonstrate compliance with industry expectations.
What is needed from you?
Please see below for links to each portion of what is needed from units on campus that process cardholder data. They can also be found in the menu at the top of this page:
Attestation of the current process and PCI DSS training for employees handling credit cards and cardholder data are required annually.
PCI DSS training is required immediately for any new employees handling credit cards or cardholder data.
Why is this important to Georgia Tech?
Georgia Tech processes payment cards on campus for various products and services. To continue processing payment cards, Georgia Tech must attest that it is compliant with the standard. Should Georgia Tech be found to be Not Compliant, the Institute may lose the ability to process payments using payment cards.
Georgia Tech Credit Card Processing Policy
The Credit Card Processing Policy provides requirements and guidance for all credit card processing activities for the Georgia Institute of Technology (Georgia Tech). This policy preempts all other campus policies and procedures for all elements within the scope of this policy. This policy can be found here.