The university supports the acceptance of credit cards as payment for goods and services to improve customer service, bring efficiencies to Cornell’s cash collection process, and increase the sales volume of certain types of transactions. In addition, the university must support unit compliance with industry standards governing credit card transaction processing, specifically Payment Card Industry Data Security Standard (PCI DSS).
All units must familiarize themselves with and adhere to the procedures set forth in Cornell university policies 3.17 Accepting Credit Cards to Conduct University Business and 5.4.2, Reporting Security Incidents, the university's PCI Incident Response Plan (PDF, 642 KB) and the PCI DSS requirements.
The Payment Card Industry Data Security Standard (PCI DSS) is a multifaceted security standard that include requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. The comprehensive standard is intended to help organizations proactively protect customer account data by providing a 12-requirement structure for securing cardholder data that is stored, processed and/or processed and/or transmitted by merchants and other organizations. The standard was developed by the PCI Security Standards Council, a global organization founded by the five major credit card companies with the intent of producing, maintaining, and educating merchants on standard practices and procedures to transact credit card business securely.
At worst, Cornell may be prohibited from accepting credit cards as payment.
The financial repercussions of non-compliance can be significant, especially in the event of a breach, and can have a domino effect on your business. Merchants who are compromised or found not to be in compliance risk incurring a number of fiscal and intangible costs, including, but not limited to, the following:
Customers can endure significant consequences when merchants fail to comply with accepted standards, including, but not limited to, the following: