Payment Card Compliance

Reports to: IT Partners’ Council (ITPC)

Charter

This committee serves in an advisory role to guide and monitor the University’s cardholder data environment to ensure compliance with Payment Card Industry Data Security Standard (PCI-DSS) and related University policies and procedures.

The committee will advise the:

• Information Technology Partner’s Council
• Vice President for Finance
• Associate Vice President for Information Technology & CIO

The Payment Card Compliance Committee will perform the following functions:

1. Recommend University-wide policies and procedures to ensure compliance with PCI-DSS and additional best practices available to minimize payment card acceptance risk
2. Assist with the evaluation and monitoring of the cardholder data environment, payment card processes, and vendor relationships
3. Support and advise departments to comply with PCI-DSS and the University’s policies and procedures
4. Facilitate communication of PCI-DSS changes and best practices
5. Approves and denies merchant requests and related contracts based on comprehensive review of card acceptance requests
6. Provide routine training opportunities for campus departments that accept payment cards
7. Provide periodic status updates, risk assessments and metrics to the Information Technology Partner’s Council

The Payment Card Compliance Committee is comprised of representatives from:

• Financial Services, specifically Financial Systems and Campus Financial Services
• Information Systems, specifically IT Security
• Internal Audit
• Three representatives from the campus’ merchant community, appointed to 2-year, staggered terms

The committee will be co-chaired by individuals from Financial Services and Information Systems.

All campus merchants are considered advisory members of the Committee and will be looked upon to provide guidance and feedback on new and enhanced policies, procedures and training.