(1) This Policy was approved by Vice-Chancellor on 26 August 2013. (2) The Payment Card Industry Data Security Standards (PCI-DSS) are a set of industry standards to mitigate the risks associated with the handling of payment card data, including fraud and identity theft. (3) The PCI-DSS applies to all entities (including merchants, processors, acquirers, issuers and service providers) that store, process or transmit data containing the primary account number of a holder of any of the above cards and requires them to comply with certain minimum standards and procedures whenever they do so. (4) The Payment Card Security procedure documents how to comply with this Policy. The requirements of the Payment Card Security procedure are in addition to, and do not derogate from, the requirements of the Privacy policy. (5) This Policy applies to all University staff, contractors or other parties who, in the course of doing business on behalf of the University, are involved in processing, storing or transmitting payment card data. (6) The University is committed to safeguarding all payment card data it receives, and complying with PCI-DSS requirements. To support this commitment, the University will use, store, transmit and destroy payment card data in a manner which protects such data from misuse and from unauthorised transactions. (7) Refer to the Payment Card Security procedure. (8) For the purpose of this Policy:Payment Card Security policy
Section 1 - Preamble
Section 2 - Purpose
Section 3 - Scope
Section 4 - Policy
Section 5 - Procedure
Section 6 - Definitions
View Current
This is the current version of this document. To view historic versions or versions that have not yet come into effect, click on the Historic or Future version links in the navigation bar.