Skip Navigation
 

Gather Here. Go Far

With locations in Tahlequah, Muskogee and Broken Arrow, NSU is Oklahoma’s immersive learning institution. Choose from in-person, blended or online learning options.

Explore Our Degrees

Scholarships

NSU is committed to assisting students in applying and earning scholarships. Whether you are an incoming freshman or a continuing/returning student, NSU has a wide variety of scholarship options for students to choose from.

Learn More

Clubs and Organizations

From networking to leadership opportunities, NSU’s over 80 clubs and organizations allow our students to build lasting relationships while getting the full college experience.

Learn More

Transfer Students

Whether you’re an incoming or current transfer student, NSU’s transfer advisors are available to assist you with transcript evaluation, information on degree programs and support services. NSU is where You Belong.

More Information

Graduate College

Whether transitioning to graduate school or returning to higher education, NSU’s graduate college is your next step. Choose from over 25 master's degrees and several certificate programs.

Learn More
Policies/Business Finance/Purchasing/Card

Payment Card Industry Compliance Policy and Procedure

Approved by: Northeastern State University Executive Cabinet

Responsible Official: Business Affairs
918-444-2160

History: Adopted July 25, 2017
Related Policies: E-Commerce
Additional References:
Forms:

POLICY

PURPOSE

This policy ensures Payment Card Industry (PCI) compliance by all credit card merchants on the Northeastern State University campuses with national standards.

DISCLOSURE STATEMENT

Standards for PCI compliance are set by the PCI Data Security Standards (DSS) Board. Failure to comply with these standards may result in fines and/or the loss of the privilege of taking credit cards as a form of payment across the Northeastern State University campuses.

SPECIAL WORDING

eCommerce Business transactions over electronic means including the internet and other means for electronic interactions such as automated phone banks, touch screen kiosks, or even ATMs. Transactions can include debit/credit cards as well as electronic transfer of funds via ACH.

PCI Payment Card Industry

Payment Card Industry Data Security Standard [PCI DSS] Payment Card Industry Data Security Standard a proprietary information security standard for organizations that handle branded credit cards including Visa, MasterCard, American Express, Discover, and JCB. The requirements include network, security (physical/logical), and monitoring components, among others.

POLICY

Northeastern State University adheres to all PCI requirements to ensure the safety and integrity of all eCommerce transactions conducted under NSU's authority.

NSU will enforce PCI DDS compliance by all departments using eCommerce to perform business activities.

Bursar Services has the authority to enforce compliance.

PROCEDURE(S)

As the responsible authority over eCommerce and the devices used to effect eCommerce, Bursar Services is responsible for the following:

  1. Maintaining a list of all credit card devices including their location and serial numbers.
  2. Ensuring all devices and Ethernet lines are inspected regularly for tampering or replacement.
  3. Establishing a mandatory training program for employees who work with eCommerce devices.
  4. Conducting training to include how to check equipment and lines for tampering or replacement. If storage of cardholder data becomes necessary, training must include proper storage measures and how to destroy cardholder data when no longer needed.
  5. Maintaining a list of service providers with descriptions of services provided.
  6. Monitoring the PCI DSS compliancy of all service providers by requesting a copy of their PCI Compliancy documents yearly.
adobe image