Skip to content Skip to navigation

Supporting PCI Compliance

Many business offices at Stanford are authorized to accept payment cards (i.e., credit, debit, and prepaid cards) in payment for services and products. These “Stanford Merchants”, like any business that accepts such cards, are required to comply with the Payment Card Industry Data Security Standard (PCI DSS) — a set of standards developed by the PCI Security Standards Council for optimizing the security of payment card transactions. Stanford is a participating organization in the Council.

The PCI Compliance Services team within Administrative Systems provides consulting and technical services to help Stanford Merchants achieve compliance. The team built and maintains a dedicated PCI infrastructure for processing payment card transactions, updating it regularly to meet evolving security and PCI DSS requirements and supporting Stanford Merchants’ business needs.

The PCI DSS requires an annual audit and validation of compliance, which is reported to the University’s bank.  PCI Compliance Services worked with Stanford Merchants to achieve Stanford’s first documented and validated PCI DSS v2.0 compliance in Spring 2014. The team couldn’t rest on those laurels, however; the PCI Council released Version 3.0 of the data security standard in late 2013, and merchants are required to be in compliance with the new standard by the end of December 2015.

To help Stanford Merchants and the University community understand PCI policies and processes, the PCI Compliance Services team launched a new PCI Security and Awareness Training course and published a PCI compliance website.  

Visit to learn more about PCI compliance.