
Credit Cards and Payment Card Industry (PCI) Compliance

Data Security Standards

What is PCI?

PCI stands for Payment Card Industry. PCI Data Security Standards are national standards from the Payment Card Security Standards Council and apply to all organizations anywhere in the country that process, transmit or store credit cardholder data. The University and all departments that process payment card data have a contractual obligation to adhere to the PCI Data Security Standard (PCI-DSS). We must adhere to these standards to protect our customers and to continue to process payments using payment cards. Each year, departments and units that are conducting payment card activities must submit a Self-Assessment Questionnaire (SAQ) to U.Va. Payment Card Services assuring their compliance with the PCI data security standards.

PCI Security Standards Council

The PCI Security Standards Council was founded by the major credit card industries (American Express, Discover Card, JCB, MasterCard, and Visa) to manage the continued development, communication, clarification, and implementation of the PCI standards. The PCI SSC website is the best resource for questions related to the standards.

PCI Self Assessment Instructions & Guidelines

This document from the PCI SSC SAQ website is designed to help answer questions related to the PCI standards. Please refer to the "Selecting the SAQ and Attestation that Best Apply to Your Organization" section to help you determine which Self-Assessment Questionnaire you should complete.

Navigating PCI DSS: Understanding the Intent of the Requirements, v. 2.0

This document describes the 12 Payment Card Industry Data Security Standard (PCI DSS) requirements, along with guidance to explain the intent of each requirement. It is intended to provide a clearer understanding of the Payment Card Industry Data Security Standard, and the specific meaning and intention behind the detailed requirements to secure system components (servers, network, applications, etc.) that support cardholder data environments.

PCI Self-Assessment Questionnaires (SAQs)

These are the official PCI-DSS Self-Assessment Questionnaires (SAQs) developed and maintained by the PCI Security Standards Council. Each merchant department's PCI Coordinator is responsible for determining the SAQ version (A-D) that best suits their operations. SAQs must be submitted to the U.Va. Payment Card Services annually by the due date.

UVA Self-Assessment Questionnaires

A supplemental questionnaire has been adapted for University of Virginia use ONLY to address U.Va.-specific questions. This questionnaire must be completed in addition to the formal PCI DSS Self-Assessment Questionnaire. To view and/or obtain the U.Va. Supplemental PCI Self-Assessment Questionnaire, PCI Coordinators should visit the UVA PCI Coordinators collab site. Access can be requested by contacting U.Va. Payment Card Services.

Questions about the University of Virginia's Credit Cards and Payment Card Industry compliance?
Contact U.Va. Payment Card Services at or view our staff listing.