Payment Card Industry Data Security Standard (PCI DSS)
The University is required to meet the requirements of the Payment Card Industry Data Security Standard to be able to accept payments by debit or credit card.
PCI DSS is a worldwide information security standard defined and published by the Payment Card Industry Security Standards Council. The standard, which was introduced in 2004, was designed to help organisations processing card payments to reduce the risk of payment card fraud through increased controls around cardholder data, the cardholder data environment and its exposure to compromise. The standard applies to all organisations that store, process, or transmit cardholder data. Organisations that fail to meet the compliance requirements risk losing their ability to process card payments and/or being fined. The current version, PCI DSS v3.2.1, was published in May 2018.
The University’s Payment Card Data Security Policy details our responsibilities and the processes in place required for us to be able to accept debit and credit cards as payment methods for goods and services provided by the University and all subsidiaries.
If you suspect an incident involving cardholder data, please refer to the Incident Response Plan for guidance.
Global Payments Inc. are the University’s preferred Payment Services Provider. Where a new initiative or project is being considered which includes the implementation of, or an amendment to, card payment channels, the Financial Controller should be made aware. For further information, please see the Payment Service Provider Policy.
For further training and awareness, please see below:
For any other queries, please contact the PCI DSS Team at Pcidsscompliance at warwick dot ac dot uk
For further reading in relation to the Payment Card Industry Security Standards Council and PCI DSS, see the PCI Security Standards Council website.