PCI-DSS Security Policy

This policy sets out the requirements to protect the security of all credit and debit card payments received and processed by the University which are governed by the Payment Card Industry Data Security Standard (PCI-DSS).

Compliance with PCI-DSS is mandatory for any company or organisation which stores, processes, or transmits payment cardholder data. Failure to comply with these requirements could result in the University being fined and no longer permitted to process card payments. The policy applies primarily to staff associated with the Cardholder Data Environment (CDE) but extends to anyone else who processes card payments, even on a temporary basis.