The Payment Card Industry (PCI) Security Standards Council has developed a set of financial and information technology standards, called Payment Card Information Data Security Standards (PCI-DSS), to protect credit cardholders’ data.

Main Page Content

These standards govern all merchants and organizations that collect, process, store, or transmit credit card information. Learn more at

Effective July 1, 2010, banks are required to ensure that their credit card merchants (including SUNY Brockport) use only payment applications that are compliant and that the use of these applications follow strict requirements. In addition, SUNY Brockport itself must be PCI compliant, which includes stringent standards regarding manual and electronic handling and processing of credit cards. Failure to comply with the standards may result in fines and/or penalties being assessed against an organization. In the event of a credit data compromise, the credit card association may levy fines of as much as $500,000 and $25 per card compromised. In addition, there would be a number of other costs associated with such an information breach. In certain cases, an organization could have its ability to process credit cards terminated.

In an effort to ensure the University incurs the lowest level of potential risk in this realm, several initiatives are underway, including standardization of payment processing, establishment of a Payment Card Oversight Committee, and more. The Committee acts as a resource for campus departments, coordinates ongoing reviews of the University’s current credit card systems and processes, develops credit card policy and procedures, and retains a consultant to assist with the University’s required PCI certification.

The Director of Student Accounts and Accounting is the primary functional contact for the University’s credit card processing and services. If you have questions or need additional information about credit card processing in your department, please contact the Director at

Last Reviewed: 11/2019

Last Reviewed by: PCI Oversight Committee