When NC State students, employees and even guests use credit or debit cards with an on-campus entity, they can rest assured their transactions are secure.
In March, NC State attested as fully Payment Card Industry (PCI) compliant for the second year in a row. This means that the university is meeting or exceeding all of the security requirements that the major card payment companies — Visa, MasterCard, Discover, and American Express — have in place.
The PCI compliance process is an ongoing annual effort undertaken by campus departments that accept card payments, either in person, over the phone or on the internet. It involves the collaborative efforts of the University Controller’s Office, OIT and many campus units on the implementation of many security processes, including but not limited to:
- Inspections of physical card readers for tampering
- Security camera recordings of high-traffic areas where credit cards are accepted
- Scans of web servers for vulnerabilities and constant checks for intrusions by malicious actors
These checks and controls are current standards developed by the PCI Security Standards Council, which was founded by the major card payment services; they are also based on actual industry findings of what card thieves are doing to steal cardholder information.
Multiple campus groups review these evolving standards and assure compliance with guidance from the Internal Security Assessors on campus and the Qualified Security Assessor firm that works with NC State.
With these regular checks and annual attestation, NC State works to keep all cardholder information secure now and in the years ahead.