PCI

UT Tyler Office of Information Security

What is PCI?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements that have been designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. This applies to any merchant that has a Merchant ID (MID).

PCI DSS Data Security Standards Overview.

Does PCI apply to UT Tyler?

Yes. UT Tyler currently has departments that accept payments with credit cards. PCI applies to all organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data.

What are the penalties for noncompliance?

The payment brands may fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine downstream until it eventually hits the merchant. The bank will also most likely either terminate your relationship or increase transaction fees.

What is 'cardholder data'?

Cardholder data is any personally identifiable data associated with a cardholder. Account numbers, expiration dates, names, addresses, and social security numbers are all considered cardholder data. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data.