PCI Compliance Policy

Syracuse University policy provides standards to open and manage merchant accounts for credit card receipts; to ensure proper control, integrity, and security of credit card data; and to ensure compliance with State and industry standards.

All credit card processing activities at the University require approval of the Office of the Treasurer. Departments may not process credit cards under any circumstances without the required approvals. University departments shall not sign any contracts or enter into any agreements involving credit card processing with a Third Party or purchase related equipment or software without approval. University departments may not set up their own banking relationships for payment card processing.

University departments are required to complete the necessary application forms and questionnaires to request approval to accept payments by credit card. The standard forms and instructions for their use are available from the Office of the Treasurer.

University departments are required to adhere to appropriate standards for credit card merchant services including training, outsourcing agreements with third-party providers, data and system security, Payment Card Industry (PCI) Data Security Standard (DSS)compliance, cost responsibility, fiscal responsibility, truncation and retention of merchant cardholder account numbers. The specific PCI standards may be found on the ITS website.

All new employees that will be processing credit cards are required to have a background check performed as part of the hiring process if a full time employee. Non-permanent employees (i.e., temporary employee, student employee, volunteer) are required to complete a Confidentiality agreement.

Departments are responsible for credit card processing transaction fees incurred as a result of their processing activities.

The official University Payment Card policy can be viewed here.