Payment Card Industry Data Security Standard (PCI DSS) Finance Policy

This policy sets out the requirements for protecting the security of all credit and debit card payments received and processed by the University.

All credit and debit card payments received and processed by the University are governed by the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a global standard managed by the Payment Card Industry Security Standards Council and is mandatory for any company or organisation that stores, processes or transmits cardholder data. 

This policy seeks to minimise the number of occasions when card data is processed by the University to take payment for services/goods. Where it is necessary for the University to process card data, this policy requires that the appropriate security measures are in place so that processing is PCI DSS compliant.

The policy applies to staff associated with the Cardholder Data Environment (CDE). Failure to comply with these requirements could result in the University being fined and no longer permitted to process card payments.

 
