Skip to main content

PCI Compliance

BYU is committed to protecting sensitive cardholder information. We adhere to the standards described in the Payment Card Industry Data Security Standards (PCI DSS). We also require all third party vendors that process credit cards in behalf of BYU to comply with the same standards.

If you suspect any compromise or breach of security related to credit card information, immediately contact Gene McMurtrey at ext. 2-3403.

Please click on the following links to access the related items:

PCI Data Security Standards (PCI DSS)

Security Awareness Education

Merchant Credit Card Policy - Located in the University Handbook (Through Route Y)

Merchant Credit Card / E-Commerce Policy

As stated in the Merchant Credit Card / E-Commerce Policy, BYU community credit card transactions involving commerce conducted across Internet platforms (e-commerce) must follow these procedures. Doing so will help to ensure that proper security, accessibility, branding, tax, and transaction compliance requirements are met. Departments, student organizations, and other business activities that do not adhere to these procedures put the university at risk for data security, tax collection / remittance, and other compliance-related violations that could be harmful to the entire BYU community.

E-Commerce Procedures

Soft Phone (RingCentral) Procedure

Please note that if taking credit card payments over the phone, all cardholder data must be communicated through a physical phone only. It is NOT PCI compliant to take credit card payments over a soft phone routed through your computer or a soft phone application. It is expected that all cashiers adhere to all PCI standards and BYU’s merchant credit card/e-commerce policy and procedures.


Gene McMurtrey


PCI Call Center Employee Training

PCI Call Center Supervisor Training

PCI Enterprise Employee Training

PCI Cashier Training

PCI Cashier Supervisor Training

PCI IT/Engineering Staff Training