Payment Card Industry Data Security Standard (PCI DSS)

The University of Leicester is committed to achieving and maintaining PCI DSS compliance for all University-managed payment services that process credit and debit cards.

PCI DSS applies to anyone at the University, or one of its subsidiaries, who is involved in acquiring, using, managing and maintaining systems or services used to take payments, or in taking payments, by credit and debit card.

As an organisation the University of Leicester is contractually obliged to comply with the PCI DSS requirements as part of the agreement with Global Payments.

What is PCI DSS?

PCI DSS, the Payment Card Industry Data Security Standard, is the security standard developed by the PCI Security Standards Council in conjunction with the credit card brands for the secure processing, management and taking of card payments within the merchant’s organisation.

The intention is to protect the customer’s credit and debit card data from theft, compromise or misuse, after the card data has been given to the merchant organisation to pay for goods, services, bills and fees.

In recent years, high-profile cyber-crime news stories have highlighted how vulnerable a customer’s card data can be within the merchant environment, and achieving PCI DSS compliance is becoming an essential requirement for the merchant.

How does PCI DSS apply to me?

Credit and debit card information is sensitive information and we need to treat it as such. The University of Leicester is classed as a merchant because it takes and processes credit and debit card data from its customers.

PCI DSS will apply to you because your role is involved, either directly or indirectly, in taking, processing, handling or transmitting credit and debit card payments/refunds within the University or one of the University subsidiaries.

The University's full PCI DSS Policy must be read by anyone involved in taking credit and debit card payments as part of their joining process. In addition, the University has produced an Information Security Policy Overview which, in conjunction with the PCI DSS policy, provides users with further guidance on handling such data.

Anyone taking such payments needs to sign the documentation to confirm that they have read and understood the policy. The primary contact person in each department with a credit/debit card payment system should ensure this happens, maintain a signed list of people who use the credit/debit card machine in their department, and confirm on an annual basis, via the PCI DSS declaration, that this has been done.

Support from Finance

As an organisation, the entire University is responsible for achieving and maintaining PCI DSS compliance; however, the Finance Division leads the University’s PCI DSS compliance work and should be your first contact for any PCI DSS and/or card payment related questions.

Finance can provide guidance, advice and training on all matters relating to PCI DSS and credit/debit card handling within the University.

If you have any questions on the policy, how to apply it in practice, or any training needs in this area, please contact us.