Payment Card Industry Data Security Standard

Also known as PCI DSS, this is a set of security standards that governs those who process, transmit, or store credit cardholder data. The Payment Card Industry Security Standards Council, which includes representatives from the major credit card companies (Visa, Mastercard, American Express, Discover, etc.), creates and oversees the requirements within PCI DSS.

PCI DSS ensures that companies that interact with credit cards maintain a secure environment. It includes both technical and business requirements. Organizations that fall under the purview of PCI DSS must validate compliance annually.

PCI DSS has 12 broad requirements and more than 300 sub-requirements. The Council created these requirements to meet six broad control objectives:


Annual PCI DSS Security Awareness Training

All college departments whose personnel store, process, or transmit cardholder information, including units that outsource the processing of payment card information to third-party vendors, must comply with the PCI DSS, which was formed to enhance cardholder data security.

In line with this, Trinity College requires all employees handling payment cards (credit and debit) to complete PCI DSS Security Awareness training upon hire and annually thereafter. This includes, but is not limited to, employees who:

  • Use the Campus Credit Card System
  • Process payment cards through their departmental system or stand-alone terminal
  • File payment card receipts
  • Reconcile payment card transactions
  • Create programs to process payment cards
  • Implement and maintain payment card systems
  • Supervise payment card personnel, etc.

PCI Security Awareness Training is available to applicable staff and student employees through Trinity College’s KnowBe4 platform. It is approximately 10 minutes long and can be accessed at any time.

Training Course Access

To begin the training, log into Trinity College’s KnowBe4 Learning platform with your Trinity username and password. Once you have started the course, you can stop and resume where you left off if necessary. When the training has concluded, your status will read “Complete” and be tracked by the Information Security and Finance departments for compliance.

A certificate of completion showing you have fulfilled your training obligation is available at the end of the course. Department heads should ensure that all staff members involved in payment card processing complete the training. This allows your department to keep its privilege to process payment cards. If you have questions regarding the training, please contact Accounting Services at [email protected].

For additional information on PCI DSS, go to PCI Security Standards Council Merchant Resources.