What is the PCI SSC

PCI SSC Founding Payment BrandsThe Payment Card Industry Security Standard Council (PCI SSC) is an independent industry standards body providing oversight of the development and management of Payment Card Industry Data Security Standards (PCI DSS) on a global basis.

PCI SSC founding payment brands include:

  • American Express
  • Discover Financial
  • JCB International
  • MasterCard
  • Visa, Inc.

These payment brands develop and enforce the compliance program and fine/penalize non-compliant merchants.

PCI DSS applies to all entities involved in payment card processing (i.e. stores, processes, or transmits account data). It covers security for any system components included in or connected to a merchant's or service provider's cardholder data environment (CDE).

PCI SSC maintains PCI DSS compliance program in accordance with various security risk management policies.

CSU, Fullerton including university auxiliary organizations must conform to PCI standards when processing, transmitting, or storing credit cards. The university must do the following:

  • Maintain ongoing compliance
  • Vulnerability scan all systems quarterly
  • Penetration test, annually;
  • Maintain an inventory of all in-scope people, processes, and technology
  • Train in-scope users annually
  • Validate and produce an Attestation of Compliance annually

University auxiliary and affiliated organizations include, but are not limited to, the following entities:

  • CSU Fullerton Auxiliary Services Corporation (ASC)
  • The Cal State Fullerton Philanthropic Foundation (CSFPF)
  • Associated Students, Inc. (ASI)
  • Titan Student Centers (TSC)

Security is the responsibility of each person in our organization.