The Payment Card Industry Data Security Standard (PCI-DSS) is a required set of policies and procedures for optimizing the security of credit card transactions. It was developed by the PCI Security Standards Council, which includes American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. International. The standard applies to all organizations that hold, process, or pass cardholder information; therefore, Boston University’s compliance with PCI-DSS is mandatory.

Secure credit card transactions provide departments with an easy way to receive payments or donations and protect cardholders against misuse of their personal information.


  • IS&T provides a secure transmission infrastructure for processing credit card transactions.
  • Cardholder data is protected wherever it is stored.
  • Access to cardholder data is restricted on a business need-to-know basis.
  • Systems are protected by up-to-date anti-virus software.
  • Networks are monitored and tested to make sure security measures are in place and functioning.

Getting Started

If your department needs to accept payments by credit card, please review the University Cashier Policy on Credit Card Compliance and contact the University Comptroller.