PCI Program Frameworks: Learning to Cope with Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is an ever-evolving set of requirements that many schools have trouble working into their IT and business practices. Depending on the size and scope of each institution's payment environment, the burden that the PCI DSS places on an institution can vary. The trick to coping with these requirements (and the resulting burden) is developing a program to manage the evolving rules and business practices while striving to reduce the scope of affected technologies wherever possible. We will offer frameworks for developing a PCI compliance program, guidance on scope definition and reduction, and practical examples of where outsourcing PCI technologies creates opportunities and limitations for your electronic payment program and practices.