Action Required for PCI DSS Compliance
Two announcements are below for those who:
- Use a Stanford desk phone to collect or confirm credit or debit card information, and/or
- Work with payment card service providers
Please review this important information and take the necessary action.
Request Desk Phone Encryption for PCI DSS Compliance
If you use a Stanford desk phone to collect and/or confirm credit or debit card information, and process payments or refunds through the below payment methods, you must take action by Sept. 30 to ensure your phone is compliant and encrypted per the Payment Card Industry Data Security Standards (PCI DSS) Compliance policy 29.1.
Point-of-Sale (POS) credit card terminal
PCI workstation and a payment gateway virtual terminal (e.g. CyberSource VT)
PCI Point-to-Point Encryption (P2PE) key pad
The Sept. 30 deadline ensures that University IT (UIT) can complete the encryption by the PCI DSS deadline in November.
Instructions for requesting encryption
1. Submit a Help request for the ITS Voice Communication Services team.
2. Within the request, write, “Please assign this ticket to the product management group for ITS Voice Communication Services."
3. Include the following information:
- Phone Number
- User Name
- SUNet ID
- Type of Phone (Avaya, Cisco VoIP, or Copper Line)
4. Click Submit.
The encryption process will happen behind the scenes, and will not be noticeable. Once the desk phone is encrypted, an after-business hours process will “reboot” the equipment in order to activate it.
New Process for PCI DSS Compliance Vendor Evaluation
The process has changed for the evaluation and verification of payment card service providers. If you work with these providers, the submission is now done through ServiceNow rather than email.
To make a submission, complete an Attestation of Compliance using the PCI Security Standards Council official form. Submit the document(s) using a Help request or through the Merchant Services website..
For more details, please visit https://pcicompliance.stanford.edu/vendors.