Information Technology Division
Computing & Communications Center

WPI Payment Card Policy

Purpose

The purpose of the Payment Card Policy is to meet the Payment Card Industry (PCI) Data Security Standard, given the many ethical, fiduciary and legal issues involved. Merchants and providers who do not comply may receive fines and/or face restrictions or, in severe cases, be prohibited from accepting credit cards. When a department or office accepts credit card payments, WPI is considered a merchant or provider.

Scope

This policy applies to all offices and all venues, including conferences, classes and summer programs. It is the responsibility of each office that processes payment cards to ensure its compliance with WPI's Payment Card Policy.

Policy

WPI's policy is to adhere to the Payment Card Industry Data Security Standard. It is WPI's policy to NOT store details, such as credit card numbers, any longer than necessary for processing the transaction. This applies to storing details on paper, websites, spreadsheets, shared drives, disk or any other means.

Payment Card Industry Data Security Standard

A high-level summary of the Payment Card Industry (PCI) Data Security Standard (DSS) is that merchants of all sizes are required to:

  1. Install and maintain a firewall configuration to protect data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect shared data.
  4. Encrypt transmission of cardholder data and sensitive information across public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

Merchants and providers who do not comply may receive fines and/or face restrictions or, in severe cases, be prohibited from accepting credit cards.

For the full requirements, see the Payment Card Industry (PCI) Data Security Standard (DSS), as provided by the PCI Security Standards Council.

Reference

The PCI Security Standards Council is an open, global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI Security Standards Council's mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.

A PDF version of the WPI Payment Card Policy is available for download.

Revision:

Approved: April 2007

Revised: July 2007

Maintained by itweb
Last modified: Feb 26, 2008, 14:41 EST