Dartmouth College requires that all departments that process, store or transmit credit card data remain in compliance with the Payment Card Industry Data Security Standard (PCI DSS). The purpose of the Merchant Credit Card Policy is to protect our customers’ credit card data, to uphold the College’s reputation, to reduce the financial costs associated with a breach of credit card information and to outline best practices for all aspects of credit card transactions.
PCI DSS was established by the credit card industry in response to an increase in identity theft and credit card fraud. Every merchant who handles credit card data is responsible for safeguarding that information and can be held liable for security compromises. This standard has 12 requirements, including controls for handling credit card data, computer and Internet security and an annual self-assessment questionnaire.
The College launched the Card Privacy and Control (CPAC) Project in 2008. The project's objective was to review all credit card merchant accounts and to identify all the systems, applications and devices that process, store or transmit cardholder data. CPAC also identified and assisted in the implementation of any business or technological changes required to comply with PCI DSS.
Any College department that accepts credit card payments and retains sensitive cardholder data in paper or electronic format must comply with the Policy.
Any supervisor or manager with the responsibilities of processing, storing or transmitting credit card data. This includes Executive or Fiscal Officers who oversee the department.
Last Updated: 1/28/13