From PCI DSS Requirements and Security Assessment Procedures Ver 3.2.1:
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).
What is needed from you?
Please see below for links to each portion of what is needed from units on campus that process cardholder data. They can also be found in the menu at the top of this page:
Attestation of the current process and PCI DSS training for employees handling credit cards and cardholder data are required annually.
PCI DSS training is required immediately for any new employees handling credit cards or cardholder data.
Why is this important to Georgia Tech?
Georgia Tech processes payment cards on campus for various products and services. To continue processing payment cards, Georgia Tech must attest that it is compliant with the standard. Should Georgia Tech be found to be Not Compliant, the Institute may lose the ability to process payments using payment cards.
Georgia Tech Credit Card Processing Policy
The Credit Card Processing Policy provides requirements and guidance for all credit card processing activities for the Georgia Institute of Technology (Georgia Tech). This policy preempts all other campus policies and procedures for all elements within the scope of this policy. This policy can be found here.