Payment Card Industry Security Standards Council
The PCI Security Standards Council website contains a wealth of information on payment card data security and retention. The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).
For more information on Payment Card Industry.
Payment Card Industry (PCI) Data Security Standard, v3.0
© 2006-2013 PCI Security Standards Council, LLC. All Rights Reserved.
"All university information that is stored, processed or distributed is subject to this policy and the specific provisions of the Data Stewardship Standard." Payment Card data is considered "Highly Confidential," as defined in the policy. JMU merchants may only store truncated PAN (last 4 digits) and never any of the following: expiration date, card security code, any information embeded within the Track or any other data as prohibited by the PCI Data Security Standards.
Departmental Policies and Procedures for Payment Card Acceptance
All departments that accept payment cards, whether online or in person, are required to have detailed, written policies and procedures in place. If it is not written down, then your business practices are up for interpretation. Employees must be made aware of all Univeristy Business Office and departmental policies and procedures. Departments are encouraged to utilize this template as a guide to writing departmental policies and procedures. This will give all JMU departments consistency in written payment card documentation. The University Business Office may periodically request copies of a departments policies and procedures.
Payment Card Merchant Fee Processing
This document outlines the processes in which your department will be charged for merchant fees based on the types of payment cards you choose to accept.
Payment Card Data Security
As a merchant that processes and transmits payment card data as a form of payment throughout campus, James Madison University takes data security very seriously. Any department that accepts Visa, MasterCard, Discover, and/or American Express will actively work with the University Business Office to ensure compliance at all times to Payment Card Industry Data Security Standards (PCI DSS). The security of our customer's cardholder data is of the utmost importance to James Madison University.
Records Management and Records Destruction
Request for Temporary Payment Card Terminal
This form, along with approval to collect funds from the Assistant Vice President for Finance is required for a department to request approval for temporary use of a wireless payment card terminal. Submit completed form to the University Business Office at MSC 3516, 5 days prior to event.
Third Party Vendors
The University Business Office will quarterly request certified PCI compliance documentation from all JMU contracted Third Party Vendors, as required by the Payment Card Industry Council.
- Collection of Retail Sales and Use Tax – This document describes when the university department should collect sales tax and the procedure for doing so.
- Payment Card Industry Data Security Standards (PCI DSS)
- Financial Procedures Manual Section 4125: Payment Card
- University Policy 4501: University and Affiliated Business
- University Policy 1210: E–Commerce