Managing, maintaining and making sure UW-Madison is in compliance when processing credit card transactions.
UW-Madison processes millions of dollars in credit card transactions each year. This represents almost 3 million transactions from over 200 merchant accounts. The University is contractually responsible for protecting the payment card data used to process these transactions per the guidance provided by the Payment Card Industry Data Security Standard (PCI-DSS) and the credit card brands.
- Payment Card Industry Security Standards Council
- Visa Operating Guides
- Mastercard Operating Guides
- American Express Operating Guide
A payment card breach may result in fines from the credit card brands starting at $500,000. A credit card breach carries other costs as well: investigation costs, future audit costs, higher credit card processing fees, and, most importantly, damage to the University’s reputation. This could result in fewer donors willing to support the University or business partners willing to acquire University resources. The estimated average cost of a credit card breach is $242 per payment card.
IBM-sponsored report by the Ponemon Institute; Cost of a Data Breach Report 2019
Does Protecting Credit Card Data Apply to you?
If customers pay your department with credit cards, then PCI Compliance applies. The reporting and contractual requirements can vary depending on your contractual requirements, processors, and how payments are received.
What is the Office of Cybersecurity’s role?
The Office of Cybersecurity works with departments that process credit cards to secure their systems. This includes:
- Helping the campus report PCI Compliance to our various financial institutions.
- Helping interpret the PCI Compliance and credit card brands' guidance.
- Completing assessments to verify compliance standards are properly implemented.
- Providing technical interpretation of risks related to credit card data.
Credit card processing
If you are considering a solution to process credit cards, please contact Payment Card Industry (PCI) help.
For a security assessment of a potential credit card solution, please contact Governance, Risk & Compliance (GRC).
Other campus resources related to PCI Compliance
- Campus PCI Compliance Policy
- Campus PCI Compliance Team Charter
- Credit Card Merchant Services and PCI Compliance
- Procedure 404.A, Open an Internet Storefront Merchant Account
- Procedure 404.B, Open a Merchant Account using EMV Chip or Swipe Machine
- Regent Policy Document 25-5, Information Security
- UW System Administrative Policy 350, Payment Card Compliance Policy
- UW System Administrative Policy 1010, Information Technology Acquisitions Approval