Finance DirectorateFinancial regulations and policies

University Policies and Regulations

What is PCI-DSS?

These are a set of standards the University of Strathclyde, as a merchant who takes payment by debit or credit card, must adhere to in order to achieve compliance. The standards are developed by the five card brands:

  • Visa
  • Mastercard
  • AMEX
  • JCB
  • Discover

The purpose is to ensure businesses reduce the risk of data theft and fraud by providing a secure environment for their customers to make payments.

Why is it important to the University of Strathclyde?

As an institution, we process thousands of card transactions per month. The ability to take card payments is essential. The University of Strathclyde is contractually obliged to achieve PCI-DSS compliance. Being compliant shows the merchant has worked to provide a secure payment environment that reduces the risk of data theft from their customers.

The consequences of a security breach resulting in card data being compromised are varied and can be significant:

  • inconvenience, distress, and financial loss to our customers
  • reputational damage to the University
  • direct financial penalties for the University
  • indirect financial costs associated with the University‚Äôs being assessed as higher risk, such as increased transaction costs and additional audit requirements
    The University's ability to take card payments could be constrained or even removed
  • GDPR implications, as this would be personal data loss

Information for staff

Documentation on policy and processes can be found on the PCI-DSS Sharepoint.

For further detail contact: Tracy Bennett, PCI-DSS Compliance Officer: tracy.bennett@strath.ac.uk

You can also contact the PCI-DSS team: pci-team@strath.ac.uk