The Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard
Also known as PCI DSS, this is a set of security standards that governs those who process, transmit, or store credit cardholder data. The Payment Card Industry Security Standards Council, which includes representatives from the major credit card companies (Visa, Mastercard, American Express, Discover, etc.), creates and oversees the requirements within PCI DSS.
PCI DSS ensures that companies that interact with credit cards maintain a secure environment. There are technical and business requirements for PCI DSS. Organizations that fall under the PCI DSS purview must validate compliance annually.
The PCI DSS has 12 broad requirements and over 300 sub-requirements. The Council created these requirements to meet six broad control objectives:
Annual PCI DSS Security Awareness Training
All college departments whose personnel store, process, or transmit cardholder information, including units that outsource the processing of payment card information to third-party vendors, must comply with the Payment Card Industry Data Security Standard (PCI DSS), which was formed to enhance cardholder data security.
In line with this, Trinity College requires all employees handling payment cards (credit and debit) to complete PCI DSS Security Awareness training upon hire and annually thereafter. This includes, but is not limited to, employees who:
- Use the Campus Credit Card System
- Process payment cards through their departmental system or a stand-alone terminal
- File payment card receipts
- Reconcile payment card transactions
- Create programs to process payment cards
- Implement and maintain payment card systems
- Supervise payment card personnel, etc.
PCI Security Awareness Training is available to applicable staff and student employees through Trinity College’s KnowBe4 platform. It is approximately 10 minutes long and can be accessed at any time.
Training Course Access
To begin the training, log into Trinity College’s KnowBe4 Learning platform with your Trinity username and password. Once you have started the course, you can stop and resume where you left off if necessary. Once the training has concluded, your status will be updated to “Complete” and tracked by the Information Security and Finance departments for compliance purposes.
A certificate of completion, confirming that you have fulfilled your training obligation, is available upon course completion. Department heads should ensure that all staff members involved in payment card processing complete the training. This allows your department to retain the privilege of processing payment cards. If you have questions regarding the training, please contact Accounting Services at [email protected].
For additional information on PCI DSS, go to the PCI Security Standards Council Merchant Resources.