The Payment Card Industry Data Security Standard (PCI DSS) is an auditable set of standards designed to ensure that certain card data is stored securely by us and by any third party that stores, transmits or processes such card data on our behalf.
The University must be PCI DSS compliant at all times to remain a member of the card scheme. An annual audit is carried out based on our Merchant Level, which depends on the number of card transactions processed per year.
Departments must restrict access to Cardholder Data by business need-to-know and assign a unique ID to each person with computer access. All staff involved with such transactions should receive training annually.
When considering purchasing new payment software, departments must speak to the Finance Division in the first instance to ensure full compliance with the regulations.
The Finance Division and UIS are responsible for ensuring the University is PCI DSS compliant. If a Department breaches or suspects there has been a breach in cardholder data security, they must contact the University PCI Compliance Officer.
University PCI Compliance Officer:
Head of Accounting Services
Tel: 01223 766733
For further details, see Chapter 7, Cash and Banking