(1) This Policy was approved by Vice-Chancellor on 26 August 2013.
(2) The Payment Card Industry Data Security Standards (PCI-DSS) are a set of industry standards to mitigate the risks associated with the handling of payment card data, including fraud and identity theft.
(3) The PCI-DSS applies to all entities (including merchants, processors, acquirers, issuers and service providers) that store, process or transmit data containing the primary account number of a holder of any of the above cards and requires them to comply with certain minimum standards and procedures whenever they do so.
(5) This Policy applies to all University staff, contractors or other parties who, in the course of doing business on behalf of the University, are involved in processing, storing or transmitting payment card data.
(6) The University is committed to safeguarding all payment card data it receives, and complying with PCI-DSS requirements. To support this commitment, the University will use, store, transmit and destroy payment card data in a manner which protects such data from misuse and from unauthorised transactions.
(7) Refer to the Payment Card Security Procedure.
(8) For the purpose of this Policy: