Finance DirectorateFinancial regulations and policies
University Policies and Regulations
What is PCI-DSS?
These are a set of standards the University of Strathclyde, as a merchant who takes payment by debit or credit card, must adhere to in order to achieve compliance. The standards are developed by the five card brands:
- Visa
- Mastercard
- AMEX
- JCB
- Discover
The purpose is to ensure businesses reduce the risk of data theft and fraud by providing a secure environment for their customers to make payments.
Why is it important to the University of Strathclyde?
As an institution, we process thousands of card transactions per month. The ability to take card payments is essential. The University of Strathclyde is contractually obliged to achieve PCI-DSS compliance. Being compliant shows the merchant has worked to provide a secure payment environment that reduces the risk of data theft from their customers.
The consequences of a security breach resulting in card data being compromised are varied and can be significant:
- inconvenience, distress, and financial loss to our customers
- reputational damage to the University
- direct financial penalties for the University
- indirect financial costs associated with the University’s being assessed as higher risk, such as increased transaction costs and additional audit requirements
The University's ability to take card payments could be constrained or even removed - GDPR implications, as this would be personal data loss
Information for staff
Documentation on policy and processes can be found on the PCI-DSS Sharepoint.
For further details contact Gail Timmons, Cyber Security Compliance Officer: gail.timmons@strath.ac.uk
You can also contact the PCI-DSS team: pci-team@strath.ac.uk