University of Wisconsin–Madison

Payment Card Industry Data Security Standard (PCI-DSS)

Managing, maintaining and making sure UW-Madison is in compliance when processing credit card transactions.

Our responsibility

UW-Madison processes millions of dollars in credit card transactions each year.  This represents almost 3 million transactions from over 200 merchant accounts. The University is contractually responsible for protecting the payment card data used to process these transactions per the guidance provided by the Payment Card Industry Data Security Standard (PCI-DSS) and the credit card brands.

A payment card breach may result in fines from the credit card brands starting at $500,000. There are other costs with a credit card breach. This includes investigation costs, future audit costs, higher credit card processing fees, and most importantly the University’s reputation would be tarnished. This could result in fewer donors willing to support the University or business partners willing to acquire University resources. The estimated average cost of a credit card breach is $242 per payment card [1].

[1] IBM sponsored report by the Ponemon Institute; Cost of a Data Breach Report 2019

Does Protecting Credit Card Data Apply to you?

If customers pay your department with credit cards then PCI Compliance applies.  The reporting and contractual requirements can vary depending on your contractual requirements, processors, and how payments are received. 

What is the Office of Cybersecurity’s role? 

The Office of Cybersecurity works with departments that process credit cards to secure their systems.  This includes: 

  • Helping the campus report PCI Compliance to our various financial intuitions. 
  • Helping interpret the PCI Compliance and credit card brands guidance. 
  • Complete assessments to verify compliance standards are properly implemented.
  • Provide technical interpretation of risks related to credit card data. 

Get help

Credit card processing

If you are considering a solution to process credit cards please contact Payment Card Industry (PCI) help.

Contact PCI Help

Security assessment

For a security assessment of a potential credit card solution please contact Governance, Risk & Compliance (GRC).

Contact GRC