Policy: Purchase card industry data security standards
- The University acknowledges that payment card facilities are a critical facility required to support efficient business practices and client service.
- The University is committed to protecting the card data of its customers, and preserving healthy business relationships with card providers through compliance with Payment Card Industry Data Security Standards (PCI DSS).
- In order to protect cardholder data the University will ensure that all card payments received by the University are processed by:
- A PCI DSS compliant third party internet gateway (as nominated by Finance and Business Services); or
- An EFTPOS machine noting that for non-card present transactions, card details collected over the phone shall be keyed directly into EFTPOS terminals and must not be written down, and card details collected on paper based forms completed by customers must be keyed into EFTPOS terminals immediately on receipt of paper, and the record of the card details deleted from the form without delay.
|Printable version (PDF)|
|Title||Purchase card industry data security standards|
|Purpose||To ensure compliance with compliance with Payment Card Data Industry Data Security Standards (PCI DSS)|
|Topic/ SubTopic||Finance - Purchasing|
|Effective Date||17 Aug 2015|
|Next Review Date||26 Mar 2021|
|Responsible Officer:||Chief Financial Officer|
|Contact Area||Finance and Business Services|
Public Governance, Performance and Accountability Act 2013
On 9 April 2021, the ANU Council assigned authority to approve academic policy to the Academic Board.