University of Illinois System
Policies & Procedures

21.2.1 Become PCI Compliant

Policy Statement

All unit heads must ensure that their unit follows the Payment Card Industry Data Security Standard (PCI DSS) to keep credit/debit card data secure. All units must meet this standard or they will not be allowed to accept credit/debit cards.

Meeting this standard protects your unit. Data breaches can result in fines, penalties, and loss of privileges from the credit/debit card processor. This standard also protects your customers. Data breaches can lead to identity theft and can result in lawsuits. In addition, customers are reluctant to shop at locations with a history of data breaches.

Procedure

To become PCI compliant:

  1. Consult with Merchant Card Services. They will help you complete a Self-Assessment Questionnaire to determine your compliance in the areas below:
     • Build and maintain a secure network
     • Protect cardholder data
     • Maintain anti-virus software
     • Implement strong access control measures
     • Regularly monitor and test networks
     • Maintain an information security policy

Additional Resources

PCI Security Standards Council
University PCI DSS Policies

Last Updated: September 16, 2016 | Approved: Senior Associate Vice President for Business and Finance | Effective: November 2008