Payment Card Industry Data Security Standard (PCI-DSS)

Financial Information Privacy at GW focuses on protecting the collection, disclosure, and handling of personal financial information entrusted to the university. 

Protecting Cardholder Information

Payment Card Industry Data Security Standard (PCI-DSS) is a regulation that applies to all entities involved in credit card payment processing, including merchants, processors, financial institutions and service providers, as well as all other entities that store, process or transmit cardholder data and/or sensitive authentication data.

PCI-DSS seeks to protect sensitive information involved in credit card payment processing:

  • Cardholder data (Primary Account Number (PAN), cardholder name, expiration date, service code)
  • Sensitive authentication data (magnetic stripe data or its equivalent on a chip, CAV2/CVC2/CVV2/CID numbers, PINs/PIN blocks)

At GW, PCI-DSS compliance involves all entities involved in the flow and lifecycle of credit card payment processing, which include:

  • GW entities that accept credit card payments
  • University divisions that manage the credit card acceptance process (GW Treasury Management)
  • External service providers that process credit card transactions on behalf of the university
  • GW network infrastructure that provides bandwidth for transmitting credit card payment processing traffic (Division of IT)

Questions regarding PCI-DSS can be directed to GW Information Security and Compliance Services.