SUBJECT:

Payment Card Industry Data Security Standards

The major credit card firms (American Express, Diners Club, Discover, MasterCard and VISA) have mandated uniform policies, standards and procedures to ensure adequate protections are in place to minimize any compromise of personal credit card information. If your department or business unit accepts credit or debit cards, and you are not registered as a "merchant" with the General Accounting office, we ask that you immediately contact us to become registered. Failure to meet the prescribed security standards could subject your department or organization to fines up to $500,000 per incident.

To establish campus-wide compliance, all UCSD organizations (merchants) accepting credit or debit cards, regardless of size, volume, or method of operation, are subject to a validation process. This validation process will be performed by a vendor that was selected by a University-wide bidding process. There will be an initial assessment, as well as regularly recurring assessments for some merchants. The costs associated with these assessments must be borne by the units that maintain the credit/debit card operations. Compliance requirements may vary depending on how credit card information is captured, processed, stored or transmitted.

Again, it is important to contact General Accounting if you have not already done so. Unregistered organizations, or those failing to come into compliance with these data security standards, may be prohibited from accepting credit or debit cards. To register your organization, or if you have questions or concerns, please contact the campus credit card coordinator, Robert Colio, at (858) 534-4992 or at rcolio@ucsd.edu. More information on this process is available at:

http://blink.ucsd.edu/go/creditcard/

Bill McCarroll Manager General Accounting