Baylor University Payment Card Policy

Purpose:

The purpose of this policy is to help assure that Baylor University is (1) being a good steward of personal information entrusted to it by its constituents, (2) protecting the privacy of its constituents, (3) complying with the Payment Card Industry Data Security Standards, and (4) striving to avoid a security breach from unauthorized and inappropriate use of cardholders' information.

Policy:

The following statements comprise Baylor University's payment card policy:

  • Compliance with the Payment Card Industry Data Security Standards (PCI DSS) is required of all Baylor employees and departments that accept, process, transmit, or store payment cardholder information.
  • Only Baylor employees who are properly trained may accept and/or access cardholder information, devices, or systems which store or access cardholder information.
  • Only PCI DSS compliant equipment, systems, and methods may be utilized to process, transmit, and/or store cardholder information.
  • Each Baylor employee who has access to cardholder information is responsible for protecting that information in accordance with PCI DSS and University policy and procedures.
  • The events and circumstances of a suspected security breach which could negatively affect cardholder information or the University's compliance with PCI DSS must be immediately reported and investigated in accordance with the ITS Incident Response Policy.
  • Vendors and service providers operating on the Baylor campus that accept credit cards must execute a contract addendum assuring their compliance with PCI DSS. Non-Baylor employees who are acting on Baylor's behalf must comply with PCI DSS.

Because of the substantial penalties and fines that can be levied against Baylor University, PCI compliance is of the utmost importance. Please refer to the PCI website, http://www.baylor.edu/pci/, for PCI contact and other information.