Payment Card Handling and Acceptance

PCI Compliance

At Utah Valley University, we take seriously our commitment to safeguard the sensitive data of our students, faculty, staff, alumni, and UVU community. This includes payment card data. The Payment Card Oversight Committee (PCOC) supports all UVU merchants who accept and process payment card transactions in person, online, by mail, or by telephone. Credit card payments may not be taken over email, and any documents containing sensitive credit card data must be securely destroyed. All UVU merchants that accept payment cards must comply with the PCI Data Security Standard (PCI DSS) requirements.

All UVU merchants involved in accepting, processing, transmitting, or storing payment cards must receive prior approval from the PCI Oversight Committee (PCOC) and must be compliant with the standards set by the PCI Security Standards Council (PCI SSC). Merchants must complete an annual PCI compliance Self-Assessment Questionnaire (SAQ). If your department would like to accept credit cards on either a temporary or permanent basis, contact Shawna Taylor at shawna.taylor@uvu.edu, or any member of the PCI Oversight Committee. 

All UVU employees who have access to cardholder information are responsible for protecting that information in accordance with the PCI DSS and UVU policies and procedures. Employees must also complete PCI DSS training annually.

Any third-party vendor who processes payment card transactions on behalf of any UVU merchant must also comply with the PCI DSS.

What is PCI DSS?

The PCI Data Security Standard (PCI DSS) outlines certain technical and operational requirements designed to protect cardholder account data. PCI DSS is administered and managed by the PCI Security Standards Council (PCI SSC). The PCI SSC is an independent body that was formed by the major payment card brands (Visa, MasterCard, American Express, Discover, and JCB). The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements designed to ensure that anyone who processes, stores, or transmits credit card information maintains a secure environment. The PCI DSS requirements apply to all entities involved in payment card acceptance and processing.

Requirements

Adhering to the PCI DSS requirements helps everyone involved in the acceptance, transmission, and processing of cardholder data to make sure that the data is protected throughout every transaction. For further information about UVU’s commitment to safeguarding payment card information, please refer to the PCI DSS Compliance policy number 457.

PCI DSS v3.2.1

PCI DSS v4.0