• EIS Home
• About EIS
• Securing Institutional Data
• Documents and Presentations
• Further Resources
• Committees
• Staff Directory

Payment (Credit/Debit) Cards

Many MSU units accept credit/debit cards for payment of merchandise and/or services. Each such MSU unit is considered a merchant. The Payment Card Industry Data Security Standard (PCI DSS) was developed by Visa and MasterCard and has been adopted by other major payment card companies. PCI DSS is an extensive set of guidelines that help keep customers’ payment card information safe. Compliance with the PCI DSS is mandatory for all MSU merchants.

Compliance with PCI DSS guidelines is required

An MSU merchant unit who is found to be noncompliant at the time of a breach of cardholder information may be fined more than $500,000 by both Visa and MasterCard. The actual penalty amounts are at the discretion of Visa and MasterCard. It is our belief that the circumstances of the breach, including such factors as the severity of noncompliance and number of cardholders involved, will influence the amount assessed.

Below are resources that may assist MSU units with PCI/DSS compliance requirements:

Important Information Regarding Payment Card Industry Data Security Standard (PCI/DSS) (PDF)  Memo dated January 27, 2006, from David Brower and David Gift to Deans, Directors, Chairpersons, and Executive Managers regarding compliance requirements for MSU Units who accept debit or credit card payment for merchandise and/or services.

Securing Data Entry and Compliance with PCI/DSS Memo (PDF) dated July 16, 2010, to Deans, Directors, Chairpersons, and Executive Managers regarding new compliance interpretation affecting how payment is processed. To be compliant it is now necessary to use a dedicated workstation when entering card data on behalf of a customer into a PCI validated payment computer application.

Requirements for University-Related Activities that Accept Payment Cards (PDF) MSU Controller's Office guidelines for the acceptance and management of payment card activities at MSU. 

MSU Manual of Business Procedures contains information about the acceptance of online and electronic payments.  

Cashier’s Office The MSU Cashier’s Office website provides information on PCI/DSS compliance at MSU as well as a self-assessment questionnaire.

CASHNet at MSU A website that provides information to assist MSU units in transitioning from WebCredit to CASHNet for processing payments.

PCI Security Standards Council’s Resources for Merchants Provides information MSU units who accept payment need to know regarding PCI security standards and compliance.

For more information, please contact Ms. Mary Nelson, Cashier's Office Manager, 517-884-4150 or nelsonm@ctlr.msu.edu.

SID Home

Policy and Guidelines

• Institutional Data Policy
• Institutional Data Policy FAQ
• Guidelines for Internal and External Reporting of Data System Security Breaches (PDF)
• Payment (credit/debit) Cards

Resources

• Best Practices and Tools
• Keep IT Safe Brochure
• Classes and Workshops