Skip to main content

PCI Compliance

BYU is committed to protecting sensitive cardholder information. We adhere to the standards described in the Payment Card Industry Data Security Standards (PCI DSS). We also require all third party vendors that process credit cards in behalf of BYU to comply with the same standards.

If you suspect any compromise or breach of security related to credit card information, immediately report it to BYU OIT Information Security

Please click on the following links to access the related items:

PCI Data Security Standards (PCI DSS)

Merchant Credit Card Policy

Merchant Credit Card / E-Commerce Policy

As stated in the Merchant Credit Card / E-Commerce Policy, BYU community credit card transactions involving commerce conducted across Internet platforms (e-commerce) must follow these procedures. Doing so will help to ensure that proper security, accessibility, branding, tax, and transaction compliance requirements are met. Departments, student organizations, and other business activities that do not adhere to these procedures put the university at risk for data security, tax collection / remittance, and other compliance-related violations that could be harmful to the entire BYU community.

E-Commerce Procedures

Soft Phone (RingCentral) Procedure

Please note that if taking credit card payments over the phone, all cardholder data must be communicated through a physical phone only. It is NOT PCI compliant to take credit card payments over a soft phone routed through your computer or a soft phone application. It is expected that all cashiers adhere to all PCI standards and BYU’s merchant credit card/e-commerce policy and procedures.


The PCI DSS Training training is required to be taken annually by cashiers, supervisors, developers, programmers, or anyone who processes or has access to credit cardholder data. This course consists of five modules which all must be completed successfully to pass the training.

For Web Application Developers, please complete the Mastercard Merchant Cyber Security Training


Dane Larsen

Sabrina Warren