Docs Illinois State

Payment Card Industry Data Security Standard (PCI DSS)

What is the PCI Data Security Standard?

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with requirements for software developers and manufacturers of applications and devices used in those transactions. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB, MasterCard and Visa Inc. 

The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you accept or process payment cards, PCI DSS applies to

Who is Responsible for PCI DSS Compliance?

University departments, affiliated units, employees, contractors, consultants, temporaries, and other workers are all responsible for the PCI compliance of the University. The E-Commerce Committee, the Comptroller's Office, and the Information Security Office guide the University's compliance, risk management, and "paperwork" related to compliance.


The most recent copy of the standard can be obtained from the PCI Security Standards Council document library.