Vanderbilt University Medical Center Finance

Sarah Bettencourt, Manager – PCI Compliance and Point of Sale Services
3319 West End Ave., Suite 600
(615) 875-9523 or VUMC.PCI@Vanderbilt.edu

Payment Card Industry (PCI) Compliance

VUMC PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) was developed by the founding members of the Payment Card Industry Security Standards Council (PCI SSC). The PCI SSC is responsible for managing the security standards, while compliance is enforced by the card brands, namely American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

Therefore, Vanderbilt University Medical Center (VUMC) has a fiduciary responsibility to patients, students, donors, customers and payment card processors to comply with the PCI DSS when handling payment card transactions. Non-compliance can result in serious consequences for VUMC, including reputational damage, loss of customers, litigation, and substantial financial costs. Even worse, the card brands can bar VUMC from taking payment cards!

Per VUMC policy, no member is authorized to process, transmit or store payment card information (credit and/or debit) without prior approval from the Treasury and PCI Department.

What we do

All payment card collection, use, and processing must be conducted under the approval of VUMC Treasury and PCI Department, and should comply with the current Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA DSS). In addition, any area that processes, stores, maintains, transmits or handles payment card information will need to comply with all policy requirements in order to protect cardholder data and to protect VUMC from risk. All outsourced payment card processing will need to obtain approval from VUMC Treasury and PCI Department and will be required to maintain PCI compliant networks and systems.

Contact Information

For questions or comments on any of the items listed below, please contact VUMC Treasury and PCI Department:

  • PCI Governance
  • Any area interested in accepting payment cards
  • Changing your current Payment Card Environment
  • Departmental Policy and Procedures
  • Annual Attestation (SAQ)
  • Equipment
  • Payment Applications
  • Suspected Breach