Project Description: As a "merchant" that accepts credit cards, part of MSU's contractual obligation is to comply with the Payment Card Industry (PCI) Data Security Standard (DSS). This standard dictates certain security practices for systems that store, process or transmit credit/debit card information, including not only computer-based systems, but also paper or traditional card-swipe/phone line systems. (For more information, see www.visa.com/cisp.)

Two factors are driving an increased emphasis on MSU compliance: (1) a suspected security incident involving a credit-card processing computer on campus, and (2) a new provision in PCI DSS mandating externally-contracted security scans of computer-based payment card infrastructure. If MSU incurs a security breach and is found non-compliant with PCI DSS, the University may be subject to significant financial penalties.

The objectives of this project are to confirm which MSU units accept credit cards, provide education and training for those units, review MSU's compliance status, contract for and implement the quarterly external scans, remediate any non-compliant systems, and document policies and procedures. This project is being coordinated with a related project to improve safeguards for all types of sensitive and confidential data.

Project Status: Project planning is in process, in parallel with selecting a scanning vendor and planning campus education.