The PCI Security Standards Council was founded in 2006 by the major card brands (including Mastercard, Visa and American Express) in response to the rising levels of card fraud. The result was the introduction of the PCI DSS – a set of requirements around how cardholder data is transmitted, processed and stored. All University departments that accept card payments are required to comply with the PCI DSS.
More information about the PCI Council can be found on their website.
The University’s PCI activities are managed between the University Information Security Team and the Cashiers. As part of the ongoing PCI compliance audit programme, departments are required to provide evidence of their adherence to the Standards, and should be prepared to cooperate with the Univeristy’s Internal Security Audit Team. Further information can be found on their website.
The University’s Cardholder Data Security Policy can be obtained from the PCI Sharepoint site.
Rules and Processes around how to handle card data can be found on the PCI Sharepoint site.
The PCI Training documents can be accessed via the PCI Sharepoint site.