This procedure informs current and potential MSU credit card merchants about responsibilities with respect to safeguarding customer data, receipting payments, and adhering to the Payment Card Industry Data Security Standard (PCI DSS). Improper protection of merchant card data, whether in electronic or paper form, could lead to a security breach that may result in regulatory notification requirements, loss of reputation, loss of customers and donors, fines, legal fees and litigation.
MSU's procedure presents options available to current and potential MSU credit card merchants. Additionally, the procedure lists the responsibilities of the University Business Services office in maintaining effective internal control processes concerning the acceptance of credit card payments and in providing regular training of credit card merchants in proper safeguarding procedures.
Procurement and PCI
If your department or operation is considering the purchase or upgrade of a system that will accept, process, transmit or store credit card information, such as online credit card payments or a similar process, you first need to review the Payment Card Industry (PCI) Data Security Program and Standard in the Related Documents section below.
Any contract or purchase, at any cost, that involves software, hardware, equipment or services dealing with credit card payments on behalf of the university must be in accordance with PCI DSS Policy and must have prior approval from the PCI Working Team (PCI@montana.edu). Please supply the PCI Working Team with the vendor’s most recent attestation of compliance (AoC). Third-party software applications must be configured to utilize Nelnet’s Payment Gateway.
All faculty, staff and students handling cardholder data on behalf of Montana State University must complete annual PCI training. If you need to be registered for this mandatory training, please email email@example.com.