This page pertains to credit cards accepted by the University. For information concerning University purchasing cards ('procurement cards' or 'p-cards'), please refer to the Office of Purchasing Services.
Credit card information, like all other private information,
is sensitive data that should be secured and handled in a way that is
consistent with the highest industry standards and regulations. Due to the
credit card payments received by Ball State, we are considered a merchant and
subject to the Payment Card Industry Data Security Standards (PCI-DSS).
The BSU PCI Compliance Committee was created to ensure the University's continued compliance with the appropriate version of the PCI-DSS. The Committee has developed, and will update as necessary, the Credit/Debit Card Handling Procedure to ensure all University credit card acceptance operations remain in compliance with the PCI-DSS.
PCI-DSS compliance is very serious and failure to take
appropriate actions or abide by the regulations can have severe and interminable
consequences. Due to the importance of compliance, annual training must be undertaken by all areas with exposure to credit cards. Failure to participate in training may
result in the removal of all credit card functions in your area.
Why is this important now? Breaches and New Regulations
Credit Card security has always been an important issue; however, there has been an increased occurrence of data breaches. In fact, 2014
is known as the “Year of the Breach." These breaches can cost up to $500,000 in
penalties plus the cost of notification and card replacement which could be
millions. Not only is the financial cost to the merchant expensive, but the reputation
risk could be devastating.
In the last three years 33% of all data breaches occurred in
Higher Ed Institutions.
Source: Privacy Rights Clearinghouse
A new version of PCI-DSS regulations is now in effect which requires more compliance and control measures for the merchant. Beginning October 1, 2015, the liability for purchases from fraudulent credit cards
shifted to the merchant with the emergence of EMV chip cards. Merchants may be liable if they do not
have the appropriate equipment in place or are not using it correctly.
Ball State areas wishing to accept credit cards should follow the Approved Charging Department procedure to begin the approval process.
BSU PCI Resources
have any questions, please contact the PCI Compliance Committee (firstname.lastname@example.org). The Committee members are:
- Jeff George
– Director of Financial Information Systems and Technology
- Ben Johnson - Senior Information Systems Analyst
Coffman – Director of Information Security Services
- Zach Mickler
– Director of Accounting
- Lisa Bevans
– Associate Vice President & University Controller
- Deb Howell - Assistant Director of Information Security Services
- Chris Moore - Director of Cash & Investments