Colleen C. Davis
State Treasurer

Resources for State Agencies – PCI-DSS

A credit card secured with a lock


Credit Card Payment Security Requirements (PCI-DSS)

State Agencies that accept credit, debit, ACH, or other electronic payments must complete an annual payment security review.  These security requirements are known as Payment Card Industry Data Security Standards (PCI-DSS).  Agencies will be responsible for ongoing training, policy development and practice, and completion of a Self-Assessment Questionnaire (SAQ) each year.

There are 9 different SAQs.  Your merchant type, and the methods in which you handle, transmit, and store data will determine which is the right SAQ for your Agency.  OST will work with you to determine the appropriate SAQ type and will then make it available to you through Campus Guard’s online portal.

To get started, Agencies will need to do the following:

  1. Complete your Merchant Survey
  2. Submit the above survey to
  3. OST will review the survey, then contact you to establish a discovery call and guide you through the remaining steps of the process

Treasury staff will assist Delaware Agencies in this endeavor, in partnership with the Department of Technology and Information (DTI) and our contracted data security vendor, Campus Guard.  By working together, we can proactively protect and secure our payment systems.


Contact Information for Merchant Services

State of Delaware PCI-DSS Services

Office of the State Treasurer

Daniel Madrid

Chief Operating Officer

820 Silver Lake Blvd., Suite 100

Dover, DE 19904

(302) 672-6709 or

Qualified Security Accessor

CampusGuard Data Security

Brent Hobby

Security Advisor

(865) 236-1007

PCI DSS Annual Self Attestation Questionnaire Portal –


Helpful Resources