This page pertains to credit cards accepted by the University. For information concerning University purchasing cards ('procurement cards' or 'p-cards'), please refer to the Office of Purchasing Services.

Credit card information, like all other private information, is sensitive data that should be secured and handled in a way that is consistent with the highest industry standards and regulations. Due to the credit card payments received by Ball State, we are considered a merchant and subject to the Payment Card Industry Data Security Standards (PCI-DSS).

The BSU PCI Compliance Committee was created to ensure the University's continued compliance with the appropriate version of the PCI-DSS. The Committee has developed, and will update as necessary, the Credit/Debit Card Handling Procedure to ensure all University credit card acceptance operations remain in compliance with the PCI-DSS.

PCI-DSS compliance is very serious and failure to take appropriate actions or abide by the regulations can have severe and interminable consequences. Due to the importance of compliance, annual training must be undertaken by all areas with exposure to credit cards. Failure to participate in training may result in the removal of all credit card functions in your area.

Why is this important now?  Breaches and New Regulations

Credit Card security has always been an important issue; however, there has been an increased occurrence of data breaches. In fact, 2014 is known as the “Year of the Breach." These breaches can cost up to $500,000 in penalties plus the cost of notification and card replacement which could be millions. Not only is the financial cost to the merchant expensive, but the reputation risk could be devastating.

In the last three years 33% of all data breaches occurred in Higher Ed Institutions.

Source:  Privacy Rights Clearinghouse

A new version of PCI-DSS regulations is now in effect which requires more compliance and control measures for the merchant. Beginning October 1, 2015, the liability for purchases from fraudulent credit cards shifted to the merchant with the emergence of EMV chip cards. Merchants may be liable if they do not have the appropriate equipment in place or are not using it correctly.

BSU PCI Resources

If you have any questions, please contact the PCI Compliance Committee (creditcards@bsu.edu). The Committee members are:

  • Jeff George – Director of Financial Information Systems and Technology
  • Ben Johnson - Senior Information Systems Analyst
  • Tobey Coffman – Director of Information Security Services
  • Zach Mickler – Director of Accounting
  • Lisa Bevans – University Controller
  • Deb Howell - Assistant Director of Information Security Services
  • Chris Moore - Director of Cash & Investments