Throughout the summer, I’ve been providing details about our new Information Security initiatives. These initiatives are designed to improve the security of our confidential information and keep us in compliance with an ever-growing list of legislation and industry regulations. This week I’m discussing Payment Card Industry (PCI) compliance.
The PCI Security Standards Council maintains and periodically updates requirements that businesses like Drake must adhere to when processing credit or debit cards as payment. The main requirement is compliance with the Data Security Standard (DSS). This document contains approximately 250 unique requirements for processing payment cards—everything from the way the technology environment is built to how each card is scanned or typed. These requirements are designed to protect consumers from identity theft and financial fraud.
Drake must submit an Attestation of Compliance (AoC) at regular intervals to prove that we are following DSS. The major payment card companies and banks regularly review these AoCs to ensure every organization is compliant. In a process similar to academic accreditation, organizations that are not fully compliant can be sanctioned or have card processing privileges revoked.
Responsibility for PCI compliance rests with all of us. Whenever we interact with financial or payment information, we influence that information’s security. Processing payment cards is, and will continue to be, a crucial service we provide to our community, students, alumni, and their families.
Have any questions or thoughts about PCI compliance? Feel free to contact me at informationsecurity@drake.edu.
—Submitted by Peter Lundstedt, Information Security Manager