Payment Card Industry Security Standards Council (PCI SSC) established the Payment Card Industry Data Security Standards (PCI DSS to help protect consumers’ high-risk payment card data. The PCI DSS requires all organizations that process, transmit and store payment card information to comply with a set of data controls, establish IT and physical security measures, and meet policy requirements to mitigate the risk of a security breach or the loss, theft, or abuse of payment card data. All Vanderbilt merchant owners must adhere to the PCI DSS requirements daily; and complete the PCI Compliance Recertification Process annually (timeline below).
| Due Dates | Due Dates | |
|---|---|---|
| Task | Spring Recertification | Fall Recertification |
| Initial announcement of annual recertification sent. | 2nd week of January | Last week of August |
| Department submits/confirms list of employees for annual PCI training. | 4th week of January | 2nd week of September |
| PCI Compliance Coordinator conducts site visit. | January - February | September - October |
| All employees complete their PCI training. | 1st week of March | 1st week of November |
| Departments complete and submit their SAQs and other requested documentation. | 2nd week of March | 2nd week of November |
| Warming emails sent to departments who missed the deadline. | 3rd week of March | 3rd week of November |
| MID suspension begins until all required trainings and documents are received. | 4th week of March | 1st week of December |