November 16, 2022

PCI DSS Compliance - An Essential Part of Cybersecurity

By Chris Cavanaugh | chris.cavanaugh@wichita.edu

An essential part of cybersecurity is compliance with the Payment Card Industry Data Security Standard (PCI DSS), an initiative designed to protect payment card data. The university has a committee of finance and IT professionals dedicated to overseeing its compliance effort. What cybersecurity risk is most relevant to WSU?

University Response to PCI DSS

13.14 / Security of Credit Card Data

The university's Security of Credit Card Data policy provides overarching guidance. In sum, the policy specifies: 

  • All transactions by university departments and organizations that use payment card data (debit and credit) are subject to the standard.
  • All devices used to collect, process, store, or transmit payment card data must be issued and maintained by WSU Financial Operations and Business Technology.
  • All employees who collect, process, store, or transmit payment card data must participate in annual training conducted or coordinated by WSU.
  • All suspected security breaches will be reported to the Chief Information Officer and Chief Information Security Officer immediately upon identification.

Student buying books with a credit card.

(iStock/Nastasic)

Additionally, AVP Troy Bruun must review all contracts where a vendor accepts payment cards on behalf of WSU or remits to WSU any portion of proceeds. This review must occur before the contract's execution.

WSU PCI DSS Compliance Committee

This is the team charged with overseeing the university’s PCI DSS compliance effort, a collaborative effort with personnel from Financial Operations and Information Technology Services (ITS):

  • Troy Bruun, AVP for Financial Services (Chair)
  • Mark Rodee, Chief Information Security Officer
  • Keith Neufeld, Director of Networking and Telecommunications
  • Luke Klausmeyer, Business Technology Analyst
  • Robyn Bongartz, Director, Student and Accounts Receivable Fiscal Operations
  • Franklin Schulte, Accounts Receivable Manager
  • John Cramer, Manager Business Technology
  • Brian Fouch, Senior Financial Analyst

Risks Most Relevant to WSU

Non-compliance with PCI DSS can potentially lead to fines, lawsuits, reputational harm, and the inability to accept payment cards. While outside hacking is always a concern, internal data handling errors are more likely and present even greater risk. 

Data handling errors can include exposing cardholder data by:

  • Using unauthorized devices to process transactions.
  • Using email to send or receive cardholder data.
  • Retaining cardholder data in paper or electronic files.
  • Repeating cardholder data out loud where others can hear.

Have Questions or Need Help?

The Accounts Receivable department in Financial Operations has a direct email address for your payment card questions, creditcards@wichita.edu, or you may call 978-3070.

WSU Accounts Receivable has been at the forefront of implementing electronic payment options. You should feel free to contact them about any payment processing matter.