Policy: Purchase card industry data security standards

Purpose

To ensure compliance with compliance with Payment Card Industry Data Security Standards (PCI DSS).

Overview of the University’s policy on compliance with Payment Card Industry Data Security Standards (PCI DSS).

This Policy applies across the University.

The University acknowledges that payment card facilities are a critical facility required to support efficient business practices and client service.
The University is committed to protecting the card data of its customers, and preserving healthy business relationships with card providers through compliance with Payment Card Industry Data Security Standards (PCI DSS).
In order to protect cardholder data the University will ensure that all card payments received by the University are processed by:

A PCI DSS compliant third party internet gateway (as nominated by Finance and Business Services); or
An EFTPOS machine noting that for non-card present transactions, card details collected over the phone shall be keyed directly into EFTPOS terminals and must not be written down, and card details collected on paper based forms completed by customers must be keyed into EFTPOS terminals immediately on receipt of paper, and the record of the card details deleted from the form without delay.

Information	Printable version (PDF)
Title	Purchase card industry data security standards
Document Type	Policy
Document Number	ANUP_000447
Version	8
Purpose	To ensure compliance with compliance with Payment Card Data Industry Data Security Standards (PCI DSS)
Audience	Staff
Category	Administrative
Topic/ SubTopic	Finance - Purchasing

Effective Date	17 Aug 2015
Next Review Date	26 Mar 2021

Responsible Officer:	Chief Financial Officer
Approved By:	Vice-Chancellor
Contact Area	Finance and Business Services
Authority:	Public Governance, Performance and Accountability Act 2013
Delegations	220
On 9 April 2021, the ANU Council assigned authority to approve academic policy to the Academic Board.