/Finance & Administration
Office of the Controller

PCI Compliance

Policy and Compliance Considerations

When collecting revenues, SUNY and campus policies on Payment Card Processing and IFR accounts states that any revenue producing activities must:

  • Be processed through a University-approved merchant account/system;
  • Be reviewed for PCI-DSS compliance; and
  • Be aligned with any relevant IFR (“Internal Fund Reimbursable”) rate approvals and University/State rules for collecting revenue.
  • Use an approved platform (e.g., Cvent) for registration and payments.
    • Another registration platform may be used only if the payment processor is approved by the campus.