By BreAnda Northcutt
October 29, 2015
With more than two million credit card transactions each year, UC Davis recently finished a compliance assessment that ensures merchants meet requirements for keeping customer data safe.
“UC Davis is committed to ongoing sustainable compliance and the highest level of security in regards to protecting our customers’ card data,” said Sylvia Montgomery, credit card compliance manager for Accounting and Financial Services. “The credit card compliance team worked with over 100 merchant departments across the university and health system to ensure all requirements are being adhered to in order to protect buyer’s financial data.”
Any merchants that accept credit cards are required to meet the payment card industry data security standard (PCI-DSS) to ensure proper handling of customer’s sensitive credit card data through controls that include trained people, reliable processes as well as secure technology.
With two million annual transactions, UC Davis falls into a category that requires a rigorous compliance assessment. Failure to validate compliance on a yearly basis can result in fines and have a negative impact on UC Davis.
Despite the rigorous assessment performed by external assessors, UC Davis merchants, Merchant Support, and UCD Information Security Office collaboratively worked together to ensure our compliance requirements were met.
“As the saying goes, pressure makes diamonds. It was tough to see the amount of pressure placed on Merchants and the entire PCI compliance team. However, after the trials and tribulations, the end product far exceeded meeting compliance but instead produced friendships and extraordinary collaboration between different departments, making any impossible, possible. You can’t get that from a diamond, no matter how much pressure you apply!” said Sophon Im, internal security assessor with IET’s Information Security Office.
With an increasing number of merchants on campus wanting to accept credit cards, university leaders are developing a PCI compliance program that includes on-boarding new merchants, training, monitoring, assessing, reporting and providing payment acceptance solutions that meet the business need of the merchant.