
Payment Card Industry Data Security Standard (PCI DSS) is an auditable set of standards designed to ensure certain card data is stored securely by us and any third party which stores, transmits or processes such card data on our behalf. The University must be PCI DSS compliant at all times to remain a member of the card scheme. An annual audit is carried out based on our Merchant Level, which depends on the number of card transactions processed per year.

Departmental actions

Departments must restrict access to Cardholder Data by business need-to-know and assign a unique ID to each person with computer access. All staff involved with such transactions should receive training annually. The PCI DSS Compliance Training course is mandatory for anyone involved in processing customer card payments and paperwork on behalf of the University.

When considering purchasing new payment software, departments must speak to the Finance Division in the first instance to ensure full compliance with the regulations. There may be a solution already in use in another department.

The Finance Division and UIS are responsible for ensuring the University is PCI DSS compliant. If a Department breaches cardholder data security, or suspects there has been a breach, it must contact the University PCI Compliance Officer:

University PCI Compliance Officer:  
Chris Patten, Head of Accounting Services, Tel: 01223 766733

For further details, including the Data Security Standards, see FPM Chapter 7 - Cash and Banking.
