The U-M Treasurer's Office oversees U-M's compliance with the requirements of the Payment Card Industry Data Security Standard (PCI DSS). ITS and Information Assurance (IA) work closely with Merchant Services in the Treasurer's Office to ensure ITS employs appropriate risk-based, administrative, physical, and technical safeguards and measures required of an IT service provider that maintains or processes credit and debit cards.
The ITS Payment Card Assurance (PCA) service provides merchants the option of using ITS-supported infrastructure and equipment that are PCI-compliant when setting up their credit card-processing systems. Meeting PCI DSS requirements is a shared responsibility and a cooperative effort across the university. ITS PCA services support a merchant's PCI-compliance, but individual merchants are still obligated to identify and meet their own risk-based PCI-requirements.