PCI Compliance

Many, if not most, of the State’s agencies accept payment cards (i.e., credit cards, debit
cards, charge cards, etc.) to collect money for taxes, licenses, other services and goods.
They do so to accommodate the wishes of the constituency and to make the collection
process more efficient and economical for the State. These transactions and the systems that process them are constantly under attack by those attempting to acquire information that may be used for illicit purposes. To combat these attacks, the major credit card issuers created the Payment Card Industry Security Standards Council (PCI).

The PCI requires all entities that store, process or transmit cardholder data to maintain
payment security. This requirement extends to the State of Arizona, its agencies and
those individuals or organizations with whom the State contracts to store, process or
transmit cardholder data.

The PCI communicates its requirements through its technical and operational security
standards. Compliance with these standards is mandatory and failure to comply with
them may result in an entity’s being barred from accepting, processing, storing or
transmitting payment card transactions and/or data.

The Office of the State Treasurer has overall responsibility for compliance with PCI compliance.