Payment Card Industry Data Security Standard (PCI-DSS)
Financial Information Privacy at GW focuses on protecting the collection, disclosure, and handling of personal financial information entrusted to the university.
Protecting Cardholder Information
The Payment Card Industry Data Security Standard (PCI-DSS) is a regulation that applies to all entities involved in credit card payment processing, including merchants, processors, financial institutions and service providers, as well as all other entities that store, process or transmit cardholder data and/or sensitive authentication data.
PCI-DSS seeks to protect sensitive information involved in credit card payment processing:
Cardholder data (Primary Account Number (PAN), cardholder name, expiration date, service code)
Sensitive authentication data (magnetic stripe data or its equivalent on a chip, CAV2/CVC2/CVV2/CID numbers, PINs/PIN blocks)
At GW, PCI-DSS compliance covers all entities involved in the flow and lifecycle of credit card payment processing, including:
GW entities that accept credit card payments
University divisions that manage the credit card acceptance process (GW Treasury Management)
External service providers that process credit card transactions on behalf of the university
GW network infrastructure that provides the bandwidth used to transmit credit card payment processing traffic (Division of IT)