The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Any merchant that has a Merchant ID (MID) must comply and for the purposes of PCI DSS, GVSU is considered a merchant.

Stay up to date with latest requirements and ALERTS at Visa Merchant Resource Library

If you would like a quick reference guide on PCI standards click here!

GVSU CREDIT CARD TERMINAL PURCHASING

• Terminal Options to Purchase

TERMINAL INSPECTION REQUIREMENTS

• GVSU staff must follow the Daily Terminal Operation Inspection Policy and use the Daily Log Sheet
• GVSU Supervisors of PCI staff must follow the Monthly Operations Policy and verify with Monthly Terminal Operation Inspection Form
• GVSU PCI Response team must follow the Annual Terminal Operation Inspection Policy and verify with the Annual Log Sheet
• All GVSU PCI staff must follow the Credit Card Left Behind Policy and use the Left Behind Log Sheet
• Why We Need to Log
• Help with inspecting your terminal

GVSU GENERAL COMPLIANCE POLICIES FOR ALL STAFF INCLUDING PCI USERS

• GVSU Acceptable Use Guidelines
• GVSU Confidentiality and Security Policy

GVSU PCI COMPLIANCE POLICIES

• GVSU 2024 PCI Policy Document
• GVSU Onboarding New PCI Vendors
• GVSU PCI Annual Merchant Checklist
• GVSU PCI Processing Procedures
• GVSU PCI Primary Department Contact
• GVSU PCI Security Awareness Policy
• GVSU PCI Malware Policy
• GVSU PCI Incident Response Plan

FORMS

• PCI Change Request
• Request Loaner Terminals
• Loaner Terminal Credit Card Report
• Credit Card Refund Request

UNIVERISTY MARKETING PCI POLICIES

• Cybersource/CCAdmin Manual
• Software Development Lifecycle

NOTE: All suspected security breach incidents should immediately be brought to the attention of the CISO or any other member of senior IT management for investigation. Contact the Office of Information Technology at (616) 331-2035 or email [email protected].