Skip to main content

Payment Card Industry (PCI) Compliance

Ensuring safe transactions

Stanford takes seriously its commitment to respect and protect the privacy of its students, alumni, faculty, and staff, and to protect the confidentiality and availability of information essential to the Stanford community. Payment card data security is critical, and all merchants at Stanford must be Payment Card Industry (PCI) compliant.

The University IT PCI Compliance team only supports Stanford University merchants who process payment card transactions by using a Stanford merchant ID. University IT PCI Compliance is not responsible for any personal payment card transactions. For personal payment card issues, please work directly with the financial institution that issued your payment card.

Compliance Requirements

Compliance Requirements

Third-Party Service Providers

Third-Party Service Providers

Training

Training

Policies

Policies

Resources

Resources

Report Suspicious Activities

Report Suspicious Activities

UIT PCI Compliance Team

Information Security Office (ISO)

Photo of Shawn Kim

Shawn Kim
Director of Governance, Risk, and Compliance

Photo of T.C. Chen

T.C. Chen
Senior Information Security Officer

Photo of Annie Stevens

Annie Stevens
Senior Information Security Officer

  • Set and enforce PCI policies
  • Organize and certify the yearly PCI DSS attestation
  • Consult with Merchants on remediation for PCI incidents/findings
  • Perform quarterly security scanning
  • Perform regular PCI audits
  • Build and maintain PCI reporting metrics
  • Develop and maintain a PCI incident response plan
  • Perform vendor assessment as part of the Data Risk Assessment process
  • Build and maintain PCI training content
  • Manage PCI incidents

Get Help