Policy: Purchase card industry data security standards
Purpose
To ensure compliance with Payment Card Industry Data Security Standards (PCI DSS).
Overview
Overview of the University’s policy on compliance with Payment Card Industry Data Security Standards (PCI DSS).
Scope
This Policy applies across the University.
Policy Statement
Principles
- The University acknowledges that payment card facilities are a critical facility required to support efficient business practices and client service.
- The University is committed to protecting the card data of its customers, and preserving healthy business relationships with card providers through compliance with Payment Card Industry Data Security Standards (PCI DSS).
- In order to protect cardholder data, the University will ensure that all card payments received by the University are processed by:
  - A PCI DSS compliant third party internet gateway (as nominated by Finance and Business Services); or
  - An EFTPOS machine, noting that for non-card present transactions, card details collected over the phone shall be keyed directly into EFTPOS terminals and must not be written down; card details collected on paper-based forms completed by customers must be keyed into EFTPOS terminals immediately on receipt of paper, and the record of the card details deleted from the form without delay.