Payment Card Industry (PCI) Compliance
Stanford takes seriously its commitment to respect and protect the privacy of its students, alumni, faculty, and staff, and to protect the confidentiality and availability of information essential to the Stanford community. Payment card data security is critical, and all merchants at Stanford must be Payment Card Industry (PCI) compliant.
The University IT PCI Compliance team only supports Stanford University merchants who process payment card transactions by using a Stanford merchant ID. University IT PCI Compliance is not responsible for any personal payment card transactions. For personal payment card issues, please work directly with the financial institution that issued your payment card.
UIT PCI Compliance Team
Information Security Office (ISO)

Shawn Kim
Director of Governance, Risk, and Compliance

T.C. Chen
Senior Information Security Officer

Annie Stevens
Senior Information Security Officer
- Set and enforce PCI policies
- Organize and certify the yearly PCI DSS attestation
- Consult with merchants on remediation for PCI incidents/findings
- Perform quarterly security scanning
- Perform regular PCI audits
- Build and maintain PCI reporting metrics
- Develop and maintain a PCI incident response plan
- Perform vendor assessment as part of the Data Risk Assessment process
- Build and maintain PCI training content
- Manage PCI incidents