The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements developed by credit card companies to ensure consistent data security measures for sensitive credit cardholder data.

UCSC Merchants, units and departments that accept credit card payments must comply with PCI DSS requirements. For information and guidance, please contact UCSC's Campus Credit Card Coordinator at emersonm@ucsc.edu or 459-3863.

---

For information about the PCI DSS itself, please visit the following PCI Security Standards Council web pages:

• About the PCI Data Security Standard (includes link to download the complete PCI DSS, v2)
  • Note: See pages 7-8 of the PCI DSS, v2, for information about the applicability of the PCI DSS and definitions of "Account Data," "Cardholder Data," and "Sensitive Authentication Data." See page 10 for a definition of "System Components."
• PCI DSS Supporting Documents (including the required Self-Assessment Questionnaires)
  • Questionnaires are also available directly at https://www.pcisecuritystandards.org/merchants/self_assessment_form.php.

UCSC Training Guide

• UCSC Payment Card Industry Data Security Standards (PCI DSS) Training Guide
• PCI training for UCSC ITS staff

Additional Resources:

• MasterCard's PCI Merchant Education Program
  Free educational webinar series on PCI from MasterCard -- Registration required
• General UCSC computer security awareness information and training
  The following information combined satisfies the general computer security awareness training requirement for individuals with access to sensitive credit cardholder data
  • UCSC Computer Security Training
  • Practices for Protecting Electronic Restricted Data: A Quick-Reference
  • UCSC Password Strength and Security Standards

Comments and Questions:

Please send comments and questions about PCI compliance at UCSC to the Campus Credit Card Coordinator at emersonm@ucsc.edu or 459-3863.

Please contact itpolicy@ucsc.edu with comments about this web page.

---

Rev. 8/1/12