Payment Card Industry (PCI)

Payment Card Industry Data Security Standards – PCI – DSS

The Payment Card Industry (PCI) Security Standards Council has developed the Payment Card Industry Data Security Standards (PCI DSS), a set of financial and information technology standards, to protect credit cardholder data. PCI DSS governs all merchants and organizations that collect, process, store, or transmit credit card information.

Processing Credit Cards

Georgetown’s PCI procedures ensure that departments processing credit card transactions do so in a manner that protects confidential customer data using industry best practices, by well-trained University personnel, and ensures that GU partners also protect customer data appropriately.

PCI requirements apply to all payment card (debit or credit card) transactions and data processed for or on behalf of Georgetown; compliance is a contractual obligation. Non-Compliance can result in fines or inability to continue accepting funds.

In order to effectively manage, control, and support PCI compliance, the University has established campus based Service Centers, through which all card processing and PCI compliance is administered. Each Campus is responsible for managing credit card processing and PCI compliance through central Service Centers and specialized Service Centers. Oversight of PCI Compliance is from Financial Affairs.  

All Service Centers and merchants are subject to an annual internal PCI Audit and an internal or external PCI assessment.  Further requirements and documentation are outlined in the PCI Service Center materials.

Service Centers and Coordinators

Main Campus

Central Service Center- Josh Ford
Student Affairs – Dustin Musser
School of Continuing Studies – Heather Malneritch
GU-Q – Shaida Sonde

Medical Center

Central Service Center – Victoria Kromer-Crooke

Law Center

Central Service Center – Cora Osborne
CLE – Simona Rosu

University Services

Central Service Center – Jon Hendrix
Advancement – Kishan Kariawasam
Office of Billing and Payments – Rico Headly-Soto

Questions about credit card processing can be directed to the appropriate coordinator, or to

Payment Card Industry (PCI) Training

Annual PCI Training is required for all authorized credit card processors.  

Applicable Georgetown University Policy

Payment Card Industry Data Security Standard (PCI DSS) Policy

PCI DSS Security Policy

PCI DSS Supplier Management Policy