The Payment Card Industry Security Standards Council (PCI SSC) established the Payment Card Industry Data Security Standard (PCI DSS), current version 3.2.1, to help protect consumers’ high-risk payment card data. The PCI DSS requires all organizations that process, transmit and store payment card information to comply with a set of data controls, establish IT and physical security measures, and meet policy requirements to mitigate the risk of a security breach or the loss, theft, or abuse of payment card data.
The standard applies to all organizations that process cardholder information. Stanford University is such an organization, so its compliance with PCI DSS is mandatory.
Any third-party vendor engaged by Stanford merchants to process payment card transactions on their behalf, or that is engaged in payment card financial services on our campus, must also comply with the PCI DSS.