Payment Card Security policy

This is the current version of this document.

Section 1 - Preamble

(1) This Policy was approved by the Vice-Chancellor on 26 August 2013.

Section 2 - Purpose

(2) The Payment Card Industry Data Security Standards (PCI-DSS) are a set of industry standards to mitigate the risks associated with the handling of payment card data, including fraud and identity theft.

(3) The PCI-DSS applies to all entities (including merchants, processors, acquirers, issuers and service providers) that store, process or transmit data containing the primary account number of a holder of any of the above cards and requires them to comply with certain minimum standards and procedures whenever they do so.

(4) The Payment Card Security procedure documents how to comply with this Policy. The requirements of the Payment Card Security procedure are in addition to, and do not derogate from, the requirements of the Privacy policy.

Section 3 - Scope

(5) This Policy applies to all University staff, contractors or other parties who, in the course of doing business on behalf of the University, are involved in processing, storing or transmitting payment card data.

Section 4 - Policy

(6) The University is committed to safeguarding all payment card data it receives, and complying with PCI-DSS requirements. To support this commitment, the University will use, store, transmit and destroy payment card data in a manner which protects such data from misuse and from unauthorised transactions.

Section 5 - Procedure

(7) Refer to the Payment Card Security procedure.

Section 6 - Definitions

(8) For the purpose of this Policy:

  1. Merchant: Any person or entity (such as a school/unit) that accepts payment cards as payment for goods and/or services.
  2. Payment Card: Any credit or debit card accepted by the University.
  3. PCI-DSS: Payment Card Industry Data Security Standards, developed by the PCI Security Standards Council.