How do I make sure that payment card data is kept safe throughout every transaction?
If your department is a Stanford merchant who accepts payment cards for financial transactions, you must periodically inspect your payment card devices to meet Payment Card Industry Data Security Standards (PCI DSS). Payment card devices are used to process transactions and capture payment card data.
Stanford merchant departments are encouraged to maintain documented procedures to periodically check for tampering with or substitution of their devices. This can include:
- Inspecting devices for signs of tampering, such as checking for unexpected wires or attachments to a device
- Checking the serial number of a device against your records to ensure that it has not been replaced
- Checking the general physical condition of the device
Device vendors also may provide security guidance and “how-to” guides to help determine whether the device has been tampered with.
If you have questions about inspecting devices:
- Email Stanford’s PCI compliance group
- Review Requirement 9.9.2 of Payment Card Industry Data Security Standards (PCI DSS)
- Visit Stanford’s Payment Card Industry Compliance website