Skip navigation

Policy: Purchase card industry data security standards

Purpose

To ensure compliance with compliance with Payment Card Industry Data Security Standards (PCI DSS).

Overview

Overview of the University’s policy on compliance with Payment Card Industry Data Security Standards (PCI DSS).

Scope

This Policy applies across the University.

Policy Statement

Principles

  1. The University acknowledges that payment card facilities are a critical facility required to support efficient business practices and client service.
  2. The University is committed to protecting the card data of its customers, and preserving healthy business relationships with card providers through compliance with Payment Card Industry Data Security Standards (PCI DSS).
  3. In order to protect cardholder data the University will ensure that all card payments received by the University are processed by:
  • A PCI DSS compliant third party internet gateway (as nominated by Finance and Business Services); or
  • An EFTPOS machine noting that for non-card present transactions, card details collected over the phone shall be keyed directly into EFTPOS terminals and must not be written down, and card details collected on paper based forms completed by customers must be keyed into EFTPOS terminals immediately on receipt of paper, and the record of the card details deleted from the form without delay.

Information

Printable version (PDF)
Title Purchase card industry data security standards
Document Type Policy
Document Number ANUP_000447
Version
Purpose To ensure compliance with compliance with Payment Card Data Industry Data Security Standards (PCI DSS)
Audience Staff
Category Administrative
Topic/ SubTopic Finance - Purchasing
 
Effective Date 24 Nov 2022
Next Review Date 24 Nov 2027
 
Responsible Officer: Chief Financial Officer
Approved By: Vice-Chancellor
Contact Area Finance and Business Services
Authority: Public Governance, Performance and Accountability Act 2013
Delegations 220

Information generated and received by ANU staff in the course of conducting business on behalf of ANU is a record and should be captured by an authorised recordkeeping system. To learn more about University records and recordkeeping practice at ANU, see ANU recordkeeping and Policy: Records and archives management.