| |
- All credit card merchants must be compliant with the PCI Standard. Further information on PCI and Harvard Credit Card Service may be found here.
- Visa and MasterCard require compliance with PCI standards. Additionally, they require that larger vendors (which includes Harvard) must be certified to be compliant by an approved third party vendor. The certification process requires completion of an annual questionnaire and quarterly remote vulnerability scans. All outward-facing IP addresses as well as URL's on network segments that have servers that accept, store or transmit credit card numbers must be tested and certified.
- Harvard has selected TrustWave Corporation to perform these tests. TrustWave provides test results directly to Bank of America, who is our acquiring bank for credit cards. Bank of America is responsible for reporting our compliance status to Visa and MasterCard.
- If you are using third party service providers in whole or in part to accomplish on line acceptance of credit cards, you may need to obtain a copy of their compliance certificate. Please check with Cash Management to see if the University already has received compliance certificates from your vendor.
- Cash Management coordinates the compliance efforts. Cash Management will pay for the first year cost of compliance.
| |
|
