Payment Card Industry Data Security Standard (PCI-DSS)

Financial Information Privacy at GW focuses on protecting the collection, disclosure, and handling of personal financial information entrusted to the university. 

We work closely with the GW community to reduce the risks to our financial information by:

  • Participating in risk assessments
  • Classifying GW information and identifying proper safeguards
  • Connecting resources to protect GW information at risk
  • Developing and updating university policies that protect our information

Protecting Cardholder Information

The Payment Card Industry Data Security Standard (PCI-DSS) is a regulation that applies to all entities involved in credit card payment processing, including merchants, processors, financial institutions and service providers, as well as all other entities that store, process or transmit cardholder data and/or sensitive authentication data.

PCI-DSS seeks to protect sensitive information involved in credit card payment processing:

  • Cardholder data (Primary Account Number (PAN), cardholder name, expiration date, service code)
  • Sensitive authentication data (magnetic stripe data or its equivalent on a chip, CAV2/CVC2/CVV2/CID numbers, PINs/PIN blocks)

At GW, PCI-DSS compliance involves all entities that take part in the flow and lifecycle of credit card payment processing, including:

  • GW entities that accept credit card payments
  • University divisions that manage the credit card acceptance process (GW Treasury Management)
  • External service providers that process credit card transactions on behalf of the university
  • GW network infrastructure that provides bandwidth to transmit credit card payment processing (Division of IT)