Payment Card Industry Data Security Standard Implementation at UCSC

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements developed by credit card companies to ensure consistent data security measures for sensitive credit cardholder data.

UCSC Merchants, units and departments that accept credit card payments must comply with PCI DSS requirements. For information and guidance, please contact UCSC's Acting Campus Credit Card Coordinator at csmacfar@ucsc.edu or 459-4266.

For information about the PCI DSS itself, please visit the following PCI Security Standards Council web pages:

• About the PCI Data Security Standard (includes link to download the complete PCI DSS, v 1.1)
  • Note: See page 2 of the PCI DSS, v 1.1, for definitions of “sensitive credit cardholder data,” “system components,” and “cardholder data environment.”


• PCI DSS Supporting Documents (including the required Self-Assessment Questionnaires)
  • Questionnaires are also available directly at https://www.pcisecuritystandards.org/saq/instructions.shtml.

Additional Resources:

• MasterCard's PCI Merchant Education Program
  Free educational webinar series on PCI from MasterCard -- Registration required


• General UCSC computer security awareness information and training
  The following information combined satisfies the general computer security awareness training requirement for individuals with access to sensitive credit cardholder data
• "Computer Security Self-Paced Tutorial" (all of the individual modules or the condensed tutorial),
• Practices for Protecting Electronic Restricted Data: A Quick-Reference, and
• UCSC Password Strength and Security Standards

Comments and Questions:

Please send comments and questions about PCI compliance at UCSC to the Acting Campus Credit Card Coordinator at csmacfar@ucsc.edu or 459-4266.

Please contact itpolicy@ucsc.edu with comments about this web page.

rev. 8/12/08