Payment Card Compliance Policy

The traditional vendor invoicing process -- take bids, get a quote, issue a purchase order, create an eRequest -- may be impractical for small and spur-of-the-moment (yet urgently needed) local purchases. That's why Ohio State uses a limited number of credit cards – payment cards (PCards) – to allow for an accessible and fast method to purchase of goods online or locally. The PCard policy requires all individuals handling, processing, managing or supporting the systems that process payment cards to comply with Payment Card Industry (PCI) Data Security Standards (DSS).

Payment Card Industry (PCI) Standards

Payment Card Industry (PCI) Standards are requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to any person or unit that stores, processes or transmits cardholder data. The policy offers guidance for software developers and manufacturers of applications and devices used in those transactions. The Council developed and is responsible for managing security standards. Compliance with PCI standards is enforced by the founding members of the Council which includes Visa, MasterCard Worldwide, American Express, Discover Financial Services, JCB International and Visa Inc.

The Ohio State University Treasurer provides a comprehensive listing of payment card acceptance and PCI compliance resources.

Supporting Documents

Required Documents

Ohio State Payment Card Policy: Sets the requirements for Ohio State merchants using a payment card terminal as well as merchants processing or sending transactions using e-Commerce

Payment Card Forms and Information: Offers detailed information about forms, training and validated devices required for compliance with the PCI-DSS and the university Payment Card Compliance Policy

Other Documents

Forms for PCI

PCI Requirements Document

Ohio State Payment Card Policy Website

Those who handle, process, manage, or support payment card transactions should take PCI Training​.