What is PCI?
PCI refers to Payment Card Industry standards, which all merchants must comply with when conducting payment card transactions. The PCI standards provide guidelines for conducting transactions in many different circumstances, including practices merchants must follow when receiving payment card information by telephone. At WSU, Treasury Services manages credit card processing and PCI compliance for the university.
WSU PCI & Merchant Services Policies
Payment Card Data Security Compliance - BPPM 30.61
Credit or Debit Card Acceptance - BPPM 30.62
Is Zoom Phone PCI Compliant?
Zoom Phone may be used to receive cardholder data at WSU under these conditions:
- A physical deskphone must be used. The “soft phone” implementation of Zoom Phone, by which one makes phone calls using an app running on a device, may not be used.
- The physical deskphone must be set up as a “common-area” phone, which means the number is not associated with one particular user’s identity.
- The common-area phone must have the following features disabled by ITS when the phone is installed: call recording, call forwarding, and voicemail.
How can my department arrange for a Zoom Phone that can be used to receive cardholder data?
Departments may use a WSU Zoom Request Form to order common-area phones suited for PCI use.
Can I connect a Zoom deskphone from home?
A Zoom common-area deskphone can generally be connected to other networks, including from a staff member’s home working location. The phone must be connected to a hardwired Ethernet jack; in some home environments, connecting it may instead require installing a WiFi adapter, which is a device that provides wireless connectivity through a USB port on the phone.
Do I need a separate phone for home and for office?
Yes. The common-area desk set described above cannot be relocated from home to office locations; it must remain static in the location associated with it for 911 emergency purposes. Depending on workflow needs, a second deskphone must be ordered in situations where a WSU merchant takes cardholder data over the phone from home.
Can cardholder data be taken by call center staff?
If using Zoom Phone, a common-area deskphone as described above must be used in any circumstance where a WSU merchant takes cardholder data over the phone.
What if I need a phone with regular Zoom Phone features like call forwarding and voicemail?
A common-area deskphone as described above must be used in any circumstance where a WSU merchant takes cardholder data over the phone. Workflows vary greatly between campus merchants. In some circumstances, it may be necessary to provide a deskphone exclusively for accepting credit card information, while staff use fully featured telephones for regular tasks.
What are the alternatives to taking cardholder data by phone?
WSU Treasury Services manages credit card processing and PCI compliance for the university, and can advise campus merchants on acceptable options.
Where can I find more information?
- WSU Payment Card Data Security Compliance: BPPM 30.61
- WSU Credit or Debit Card Acceptance: BPPM 30.62
- Consult with WSU Treasury Services. Resources are available at https://treasury.wsu.edu/
Need Help? You can submit a ticket from our Jira service desk: WSU Zoom Service Desk