Overview
In accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements, Stanford University has established a formal policy and supporting procedures for PCI Workstation and laptop usage policy. This policy is to be implemented immediately. It will be evaluated on an annual basis to ensure its adequacy and relevance according to the University’s needs and goals. This policy only applies to the PCI workstations and laptops with the Internet connections including Clover and FirstData terminals; however does not apply to stand-alone PTS devices and terminals that are provided by the Merchant Services Team from Wells Fargo Bank.
Policy
Stanford University will ensure that PCI Workstation and laptop usage policy adhere to the following conditions for the purposes of complying with the Payment Card Industry Data Security Standards (PCI DSS) initiatives (PCI DSS Requirements and Security Assessment Procedures):
- A Stanford employee or contractor can only use a dedicated PCI workstation or an approved laptop to perform payment card transactions for Stanford customers, clients or students.
- For card-in-present, mail order, fax order and phone order, it is in violation to enter/process customers' card transactions by any devices with internet connection other than the dedicated PCI workstations or approved laptops.
- For patching, upgrading, replacing and installing the next generation solutions of these payment workstations, laptops and accessories, UIT team is the service owner of the provision and maintenance, except for the R&DE Revel dining POS and P&TS parking meters.
- For replacement of a device, next generations and exceptions, only PCI SSC validated and UIT approved P2PE devices and solutions can be implemented by UIT or local IT staff.
Responsibility for Policy Maintenance
UIT PCI Compliance Services is responsible for ensuring that the aforementioned policy is kept current as needed for purposes of compliance with the Payment Card Industry Data Security Standards (PCI DSS) initiatives.
