Skip to content Skip to site navigation

Action Required for PCI DSS Compliance

Thursday, September 13, 2018

Two announcements are below for those who:

  • Use a Stanford desk phone to collect or confirm credit or debit card information, and/or
  • Work with payment card service providers

Please review this important information and take the necessary action.

Request Desk Phone Encryption for PCI DSS Compliance

If you use a Stanford desk phone to collect and/or confirm credit or debit card information, and process payments or refunds through the below payment methods, you must take action by Sept. 30 to ensure your phone is compliant and encrypted per the Payment Card Industry Data Security Standards (PCI DSS) Compliance policy 29.1.

Payment methods:

  • Point-of-Sale (POS) credit card terminal

  • PCI workstation and a payment gateway virtual terminal (e.g. CyberSource VT)

  • PCI Point-to-Point Encryption (P2PE) key pad

The Sept. 30 deadline ensures that University IT (UIT) can complete the encryption by the PCI DSS deadline in November.

Instructions for requesting encryption

1. Submit a Help request for the ITS Voice Communication Services team.

2. Within the request, write, “Please assign this ticket to the product management group for ITS Voice Communication Services."

3. Include the following information:

  • Phone Number   
  • User Name
  • SUNet ID
  • Type of Phone (Avaya, Cisco VoIP, or Copper Line)

4. Click Submit.

The encryption process will happen behind the scenes, and will not be noticeable. Once the desk phone is encrypted, an after-business hours process will “reboot” the equipment in order to activate it.

 


 

New Process for PCI DSS Compliance Vendor Evaluation

The process has changed for the evaluation and verification of payment card service providers. If you work with these providers, the submission is now done through ServiceNow rather than email.

To make a submission, complete an Attestation of Compliance using the PCI Security Standards Council official form. Submit the document(s) using a Help request or through the Merchant Services website..

For more details, please visit https://pcicompliance.stanford.edu/vendors.

Share Feedback

DISCLAIMER: UIT News is accurate on the publication date. We do not update information in past news items. We do make every effort to keep our service information pages up-to-date. Please search our service pages at uit.stanford.edu/search.