The security and stewardship of our campus community and the data we collect and manage is paramount. Toward that end, the College seeks to maintain, adhere to, and foster an environment that reflects best practices. PCI DSS is the Payment Card Industry Data Security Standard. It is a set of comprehensive requirements for credit card account data security, developed by the credit card industry in response to an increase in identity theft and credit card fraud. As a merchant that handles credit card data, BCC is obliged to safeguard that information and adhere to the standards established by the Payment Card Industry Security Standards Council (PCI SSC), including, but not limited to, setting up controls for handling credit card data and for computer and internet security, and completing an annual self-assessment questionnaire.
The BCC PCI-DSS Compliance Steering Committee
The BCC PCI-DSS Compliance Steering Committee is being formally established jointly by the College’s Executive Director of Finance and Business and Chief Information Officer (CIO) to recognize its role in assisting the College with implementing and maintaining its compliance program relating to PCI-DSS industry standards, which apply to BCC since it accepts and processes payment card payments. This committee serves in an advisory capacity to the Vice President of Finance & Administration in guiding and monitoring the College’s cardholder data environment (CDE) to ensure compliance with PCI-DSS.
For more details, please consult the BCC PCI-DSS Compliance Steering Committee Charter.
PCI DSS Objectives and Requirements
PCI DSS currently has six (6) objectives and twelve (12) requirements.
PCI-DSS Liaisons
Executive Director of Finance and Business
Gina Ugarte
Gina.Ugarte@bcc.cuny.edu
Chief Information Officer
Luisa Martich
cio@bcc.cuny.edu
Incident Reporting
Any time a BCC employee reasonably believes College customer credit card information may be at risk, the employee should report it. To report an incident involving credit and debit card security, send an email to pci@bcc.cuny.edu or call one of the PCI-DSS liaisons immediately.
PCI-DSS Resources
PCI-DSS (v3.2.1)
PCI Security Standards Council
PCI-DSS Quick Reference Guide (v3.2)
BCC PCI-DSS Committee Charter (draft)
CUNY PCI-DSS Guidelines (May 2019)