The University of Warwick processes payment card information for donations, services, tuition fees and other areas. Therefore, the University is subject to the mandatory requirements of the Payment Card Industry Data Security Standards (PCI DSS) introduced in June 2007.
PCI DSS was created by the major credit card companies to improve consumer data protection. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organisations proactively protect customer account data.
The main implication is that any risk from malicious activity, such as fraud and hacking, has been transferred to merchants (such as Warwick) from the credit card companies.
Consequently, it is everyone’s responsibility to ensure payment card data is stored and used in the right way. Any incident involving loss of confidentiality or integrity of this information could have a serious impact on the day-to-day operations of the University as a whole, its income, and its reputation.
The University has agreed an Information Security Framework and Data Retention Policy, which includes provisions for PCI DSS.