Skip to main content
Pepperdine | Community

Payment Card Industry Data Security Standards (PCI DSS)

The Payment Card Industry Data Security Standards (PCI DSS) is a set of requirements designed and agreed upon by the six major credit card companies. To maintain a secure environment, these security requirements apply to all merchants that process, store, or transmit credit card information. PCI DSS is a mandated set of technical and administrative requirements, including internal controls, testing, and compliance training. All Pepperdine departments that provide credit cards as a form of payment for their customers must certify compliance with this standard, regardless of size or number of transactions.

Before accepting credit card payments, read the Payment Card Procedure and Payment Card Policy.

How to Fulfill Your Department's Mandatory Requirements for Payment Card Acceptance

In order to accept payment cards, Pepperdine University must maintain compliance with the PCI DSS at all times. Merchants/Departments must assess/attest compliance status annually by November and, if found to be non-compliant at any time, must be actively working toward compliance in accordance with the methodology and conditions set by their merchant services provider(s).

Attests of compliance are submitted on a Self-Assessment Questionnaire (SAQ) in Campusgaurd’s portal.

  • Training: Complete Campusgaurd’s online training. In addition, we recommend you attend the Information Security Briefing for Managers, which is available each year in March. Also, you may watch the Payment Card Training Video (requires login).
  • Complete: The appropriate SAQ for each credit card processing method accepted in your department
  • Attach: Your department's credit card handling procedures
  • Attach: Attestation of Compliance (AOC) if using an approved third-party service provider other than TRANSACT Payment. To locate a validated service provider, visit Visa's Global Registry of Service Providers. Additional requirements may include:
    • Quarterly perimeter scans conducted by the PCI-approved security assessor
    • Quarterly internal penetration tests
  • Submit: Completed SAQ in Campusgaurd’s portal by November

If you have any questions, please contact Susannah Stratford, finance systems manager at (818) 702-1373.

Last Updated: 09/26/2024