Skip to content Skip to navigation

Administrative Systems PCI Infrastructure Services Reference

Compliance with the Payment Card Industry’s Data Security Standard (PCI DSS) is required for all merchants who accept credit cards at Stanford University.

Administrative Systems (AS) provides infrastructure technical services for PCI DSS compliance to ensure merchants meet the infrastructure compliance requirements. AS provides centralized services of monitoring, patching, anti-virus and logging for workstations that are installed and maintained in a PCI-dedicated secure environment. At the same time, AS also provides the standard IT desktop services for the dedicated PCI workstations to keep them up and running for payment and business needs.

For detailed support and services information, please refer to the following FAQ:

1. How do I request support for the PCI environment?

2. What are the support hours for the PCI environment?

3. What services are covered by AS?

4. What services are NOT covered by AS?

5. What is the process to obtain remote access to the PCI environment?

6. How do I set up two-step authentication for access to the PCI environment?

7. How do I log in to the secure PCI environment?

8. What is the maintenance schedule for the PCI environment?

1. How do I request support for the PCI environment?

Support requests should be submitted through the Stanford Services & Support Portal. Please use these specific links depending on the request type:

Request Type Purpose Link
PCI Merchant New staff PCI account requests and to remove existing PCI account access when staff leaves https://stanford.service-now.com/services?id=get_help
PCI Desktop General PCI workstation requests like password resets or machine malfunction https://stanford.service-now.com/services?id=get_help
PCI Server PCI server-specific requests https://stanford.service-now.com/services?id=get_help

[FAQ list]

2. What are the support hours for the PCI environment?

Support requests are handled during normal business hours of 8am-6pm, Monday to Friday.

For assistance outside of normal business hours or in case of an emergency, support can be obtained by calling on-call support at:  1-888-887-7861, ext 810

Note: Merchants must inform AS at least one week in advance of any critical business periods that require support above and beyond normal business hours.  To notify AS, please submit a Help ticket using this link: https://stanford.service-now.com/services?id=get_help

[FAQ list]

3. What services are covered by AS?

  • Build desktop, laptop and server systems using system image specifications agreed to by AS and merchants that are in compliance with PCI DSS standards
  • Help integrate merchant's peripherals, such as printers, scanners, copiers, etc., into the PCI environment
  • Troubleshoot all AS deployed PCI hardware and assist merchants with integrating their software into the AS PCI environment
  • Work with PCI merchant management to help purchase new hardware and software as needed for the PCI environment
  • Work with ITS Networking Team to provide network management and troubleshooting
  • Escalate problems that cannot be resolved by local desktop support staff and/or require additional infrastructure investigation by AS Operations, ITS, or other vendor (e.g., network, storage, etc.)
  • Meet with merchant management once per quarter (or as needed) to discuss support issues and any other relevant matters related to PCI environment support
  • Manage the PCI hardware inventory
  • Manage the PCI firewall
  • Manage the PCI Merchant Active Directory OU
  • Maintain documentation and records of PCI support activities
  • Respond to all client PCI help requests that come in via the Stanford Services & Support portal

[FAQ list]

4. What services are NOT covered by AS?

AS does not provide application support for proprietary and merchant specific point of sale (POS) systems, integrated business applications, and financial software that are specific to individual merchants such as: Micros, KABA, ClubProphet, Shift4, Paciolan, InfoGenesis and ProfitWatch.

For needed application support, individual merchants should maintain proper service and support contracts with respective application providers or vendors.

[FAQ list]

5. What is the process to obtain remote access to the PCI environment?

To obtain remote access, you will need to submit a request for two-step authentication.

Please see:

How do I set up two-step authentication for access to the PCI environment?

[FAQ list]

6. How do I set up two-step authentication for access to the PCI environment?

The PCI environment requires two-step authentication (also known as 2-factor authentication) to log in. The two-step authentication uses the Duo security application. You should have a smartphone or other mobile device to use the application.  AS also recommends setting up a landline in case the mobile device has issues or is lost.

Step 1: Request Personal Account Setup

To request a personal account setup, submit a Help request using this link: https://stanford.service-now.com/services?id=get_help

Include information in the request for both your mobile device and backup office landline including:

  • Full Name
  • SUNet ID
  • Contact phone number
  • Device Name (cell/work/home/etc)
  • Device Type (Mobile or Landline)

For your mobile device, please specify the platform from these choices:

Android iOS Windows phone Windows mobile J2ME
BlackBerry BlackBerry 10 WebOS Symbian Generic Smartphone

For your mobile device, please specify one of these four authentication methods:

(Note: AS recommends method  #1, Duo Push)

  1. Duo Push: Duo sends a login request to your phone. You just tap an Approve button to authenticate.

  2. Duo Mobile Passcodes: Duo generates a single use passcode that you key in (this is similar to Google Authenticator).

  3. SMS Passcodes: Duo sends a passcode via text message. You key in the passcode you receive.

  4. Phone Callback: Duo calls your phone. You press any key to authenticate.

Step 2: Duo Application Installation and Activation

You will receive 2 messages on your mobile device with instructions for installing and activating the Duo application.

The first message contains a link to install the Duo application on your device. If you have already installed Duo, you can skip this step.

The second message activates your device and associates it with the Duo account AS created for you in Step 1. The activation link is good for 24 hours and cannot be shared with other people on devices.

Once you have completed the installation and activation, your Mobile App should look something like this:

[FAQ list]

7. How do I log in to the secure PCI environment?

The PCI environment requires two-step authentication to log in. The two-step authentication uses the Duo security application.  If you do not have this application enabled on your smartphone or other mobile device, see:

How do I set up two-step authentication for access to the PCI environment?

Once two-step authentication has been enabled, follow the directions below to log in to the secure PCI environment.

Step 1: Use Remote Desktop to connect to host computer

Open your Remote Desktop Connection program, and enter one of the fully qualified host names:

pciinfraprd13.pci.stanford.edu      /or/       pciinfraprd14.pci.stanford.edu

Once you enter the qualified host name, select the Connect button.

 

In the Windows Security window, enter the following information and select the OK button:

pci\pci.your SUNet ID

your PCI password

 

Acknowledge the policy notice by selecting the OK button.

Step 2: Provide your Duo application (two-step) authentication

Once you acknowledge the policy,  you will see an authenticating message.

Open the Duo application on your mobile device.  Select the authentication method that was set up for you. (Duo Push in the example below)

Depending on the authentication method used, complete the next step. In the Duo Push method example below, the Login Request page will display, and you select the Approve button. This will complete the log in process.

Step 3:  Use Remote Desktop to connect to your host

Open your Remote Desktop Connection program, and enter the fully qualified host names of your computer (i.e. AS-PCI-SLAC.pci.stanford.edu).

In the Windows Security window, enter the following information and select the OK button:

pci\pci.your SUNet ID

your PCI password

Acknowledge the policy notice by selecting the OK button.

[FAQ list]

8. What is the maintenance schedule for the PCI environment?

The following hours are designated for AS to perform normal, non-emergency system maintenance:

  • Thursdays: 4:00-6:00 a.m.
  • Saturdays:  5:00-8:00 a.m.
  • Sundays: 5:00-8:00 a.m.

The PCI environment may not be available during these maintenance windows if work is being performed. Any non-emergency maintenance work that impacts AS PCI merchant services will be communicated at least one week prior to the activity, and will only be scheduled with approval of the merchants.

AS will contact merchants as soon as feasible about any emergency unscheduled maintenance or environment outage.

Monthly Patching Schedule

PCI Merchant Zone
  • Monthly patching to be done by 15th of the month.  Monthly system reboot by 22nd of the month or a force reboot by 30th of the month.

PCI Management Zone
  • Monthly patching to be done by the Wednesday after the 2nd Patch Tuesday of the month.

[FAQ list]