Overview
In accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements, Stanford University has established a formal policy and supporting procedures for payment systems and service vendors evaluation. This policy is to be implemented immediately. It will be evaluated on an annual basis for ensuring its adequacy and relevancy regarding Stanford University’s needs and goals.
Policy
UIT Compliance Services provides the web interface design for CyberSource integration to fully comply to PCI DSS requirements. Therefore the service is only available for an integration that is dedicated to a single merchant department and customers' payments are only for the one department's services under one CyberSource account and MID, at all time during the existence of the dedicated CyberSource account and MID.
The web interface can only be activated for the designated linked and active CyberSource account and MID. Once the linked CyberSource account or MID is deactivated, the web page and associated supporting web servers will be immediately removed by UIT for security and to meet PCI DSS requirements.
All requests require the management's approval from UIT Compliance Services. Delivery time varies.
Responsibility for Policy Maintenance
UIT’s PCI Compliance service is responsible for ensuring that the aforementioned policy is kept current as needed for purposes of compliance with the Payment Card Industry Data Security Standards (PCI DSS) initiatives.
