Skip to content Skip to site navigation Skip to service navigation

Payment Card Industry (PCI) Compliance

Ensuring safe transactions

Report Suspicious Activities

View and Search Policies

FAQ

Stanford takes seriously its commitment to respect and protect the privacy of its students, alumni, faculty, and staff, and to protect the confidentiality and availability of information essential to the Stanford community. Payment card data security is critical, and all merchants at Stanford must be Payment Card Industry (PCI) compliant.

The University IT PCI Compliance team only supports Stanford University merchants who process payment card transactions by using a Stanford merchant ID. University IT PCI Compliance is not responsible for any personal payment card transactions. For personal payment card issues, please work directly with the financial institution that issued your payment card.

Compliance Requirements

Third-Party Service Providers

Training

Policies

Resources

Report Suspicious Activities

UIT PCI Compliance Team

Information Security Office (ISO)

  • PCI Internal Security Assessor (ISA)
  • PCI Compliance
  • Data Risk Assessment
  • File Storage Security
  • Process Improvement
  • Training and Education

View Shawn Kim's Stanford Profile

  • PCI Internal Security Assessor (ISA)
  • PCI Compliance
  • Data Risk Assessment
  • Certified Information Systems Security Professional
  • PCI-related Incident Response

View T.C. Chen's Stanford Profile

  • PCI Internal Security Assessor (ISA)
  • PCI Compliance
  • Data Risk Assessment
  • Certified Information Systems Security Professional
  • Phishing Awareness & Email Security

View Tadeu Perillo's Stanford Profile

  • Set and enforce PCI policies
  • Organize and certify the yearly PCI DSS attestation
  • Consult with Merchants on remediation for PCI incidents/findings
  • Perform quarterly security scanning
  • Perform regular PCI audits
  • Build and maintain PCI reporting metrics
  • Develop and maintain a PCI incident response plan
  • Perform vendor assessment as part of the Data Risk Assessment process
  • Build and maintain PCI training content
  • Manage PCI incidents
  • Collaborate with the ET compliance team to resolve vulnerabilities

Enterprise Technology (ET)

  • Payment Integration
  • Network and Application Security
  • Infrastructure Project Management
  • Certificated Information Systems Security Professional(CISSP)

View Joan Zhang's Stanford Profile

  • Network and Application Security
  • Infrastructure Management
  • Payment Integration

View Sreenivas Konduru's Stanford Profile

  • Maintain eCommerce redirect web pages
  • Maintain PCI VPN /remote desktop
  • Maintain the dedicated PCI network and infrastructure
  • Remediate vulnerabilities