What is PCI-DSS?
PCI-DSS is a set of standards that the University of Strathclyde, as a merchant that takes payment by debit or credit card, must adhere to in order to achieve compliance. The standards are developed by the five card brands: Visa, Mastercard, AMEX, JCB and Discover. Their purpose is to ensure that businesses reduce the risk of data theft and fraud by providing a secure environment for their customers to make payments.
Why is it important to the University of Strathclyde?
As an institution we process thousands of card transactions per month. The ability to take card payments is essential. The University of Strathclyde are contractually obliged to achieve PCI-DSS compliance. Being compliant shows the merchant has worked to provide a secure payment environment that reduces the risk of data theft from their customers.
The consequences of a security breach resulting in card data being compromised are varied and can be significant:
- Inconvenience, distress and financial loss to our customers
- Reputational damage to the University
- Direct financial penalties for the University
- Indirect financial costs associated with the University being assessed as higher risk, such as increased transaction costs and additional audit requirements
- The University's ability to take card payments could be constrained or even removed
- GDPR implications, as this would be a loss of personal data
Information for staff
Documentation on policy and processes can be found here.
For further detail contact:
Tracy Bennett - PCI-DSS Compliance Officer