
Responsible Officer: Chief Financial Officer
Implementation Officer: Director, Corporate Finance

First approved by:
Vice-Chancellor on 26 August 2013

Amendments approved by:




Payment Card Security Policy


This policy was approved by the Vice-Chancellor on 26 August 2013.

PURPOSE

The Payment Card Industry Data Security Standards (PCI-DSS) are a set of industry standards to mitigate the risks associated with the handling of payment card data, including fraud and identity theft.

The PCI-DSS applies to all entities (including merchants, processors, acquirers, issuers and service providers) that store, process or transmit data containing the primary account number of a holder of any of the above cards and requires them to comply with certain minimum standards and procedures whenever they do so.

The Payment Card Security Procedure documents how to comply with this policy. The requirements of the Payment Card Security Procedure are in addition to, and do not derogate from, the requirements of the Privacy Policy.

SCOPE

This policy applies to all University staff, contractors or other parties who, in the course of doing business on behalf of the University, are involved in processing, storing or transmitting payment card data.

DEFINITIONS

Merchant: Any person or entity (such as a school/unit) that accepts payment cards as payment for goods and/or services.

Payment Card: Any credit or debit card accepted by the University.

PCI-DSS: Payment Card Industry Data Security Standards, developed by the PCI Security Standards Council.

POLICY

The University is committed to safeguarding all payment card data it receives, and complying with PCI-DSS requirements. To support this commitment, the University will use, store, transmit and destroy payment card data in a manner which protects such data from misuse and from unauthorised transactions.

ASSOCIATED INFORMATION

Contracts Policy
Information and Communications Technology Security Policy
Information and Communications Technology Use Policy
Information and Records Management Policy
Payment Card Industry - Data Security Standards (PCI-DSS)
Privacy Policy
Procurement Policy



Printed copies of this document may not be current. Please refer to The Guide for the most recent version.
Deakin University 2015