VisitApplyGive
Students Faculty Alumni
Office of Administration and Finance » Risk Management & Internal Control » Payment Card Industry Data Security Standards (PCI DSS)

Payment Card Industry Data Security Standards (PCI DSS)

Medgar Evers College Payment Card Industry Data Security Standards (PCI DSS)

Four major credit card companies: MasterCard Worldwide, American Express, Discover Financial Services, JCB, and Visa International, established the PCI Security Standard Council (PCI SSC) in 2006. The Council’s primary role is to manage the PCI-DSS and certify QSAs and ASVs.

Medgar Evers College, one of the eleven senior colleges of the City University of New York, operates according to the Payment Card Industry Data Security Standards (PCI DSS). These standards apply to any department, related entity, student club, or organization that accepts, transmits, and/or stores cardholder’s data.

The Payment Card Industry Data Security Standard (PCI DSS) is one of the most wide-reaching standards that drive the need to safeguard customers’ data. As higher education institutions’ reliance on credit cards increases, so does the need for the security of customers’ data. Securing customer data does not suggest a direct compromise of the information received, but leaving such data to the purview of others can very well comprise such data.

Therefore, Payment Card Industry (PCI) compliance refers to the technical and operational standards that organizations must adhere to; and relate to securing and protecting cardholder data. PCI compliance applies to any organization that accepts, transmits, or stores cardholder data.

The goal of the PCI DSS is to enhance payment data security and facilitate the broad adoption of consistent data security measures globally. Additionally, by providing a baseline of technical and operational requirements to protect payment data and their systems, PCI DSS can ultimately reduce fraud and security threats.

Medgar Evers College has a robust Information Technology infrastructure that safeguards the College network and gateways. However, should the campus community suspect a breach and/or fraudulent activities, please review the CUNY policy on reporting alleged misconduct, which would include suspected fraud, theft, embezzlement, data security issues, computer fraud, and misuse of CUNY’s resources.

Medgar Evers College PCI DSS Compliance Procedural Manual (PDF) 

Medgar Evers College Information Security Policy (PDF)