Policy: Purchase card industry data security standards
- The University acknowledges that payment card facilities are critical facilities required to support efficient business practices and client service.
- The University is committed to protecting the card data of its customers, and preserving healthy business relationships with card providers through compliance with Payment Card Industry Data Security Standards (PCI DSS).
- In order to protect cardholder data, the University will ensure that all card payments received by the University are processed by:
  - A PCI DSS compliant third party internet gateway (as nominated by Finance and Business Services); or
  - An EFTPOS machine, noting that for non-card-present transactions:
    - card details collected over the phone shall be keyed directly into EFTPOS terminals and must not be written down; and
    - card details collected on paper-based forms completed by customers must be keyed into EFTPOS terminals immediately on receipt of the paper, and the record of the card details deleted from the form without delay.
|Title|Purchase card industry data security standards|
|Purpose|To ensure compliance with Payment Card Industry Data Security Standards (PCI DSS)|
|Topic/SubTopic|Finance - Purchasing|
|Effective Date|24 Nov 2022|
|Next Review Date|24 Nov 2027|
|Responsible Officer|Chief Financial Officer|
|Contact Area|Finance and Business Services|
Public Governance, Performance and Accountability Act 2013
Information generated and received by ANU staff in the course of conducting business on behalf of ANU is a record and should be captured by an authorised recordkeeping system. To learn more about University records and recordkeeping practice at ANU, see ANU recordkeeping and Policy: Records and archives management.