Multi-factor Authentication Required for myVPN Starting July 22, 2024 - Learn More

CSP - AHoU - Payment Card Information Protection

Payment Card Protection  

10. Payment Card Industry-Data Security Standard(PCI-DSS)

Does your unit work with UBC Treasury to comply with the Payment Card Industry – Data Security Standard (PCI-DSS) requirements for all merchant payment card handling?

Control or Process Description​

UBC Treasury maintains PCI compliance for UBC. Units are expected to work with Treasury to evaluate the most efficient way to be PCI compliant and to maintain compliance on an ongoing basis

Why is this Essential?

PCI-DSS is an industry standard for payment card handling enforced by acquiring banks and PCI Security standards council. It prevents a threat actor from accessing cardholder data (CHD) and using it to commit fraud, which affects consumer confidence and damages your reputation as a merchant. Non-compliance exposes university to substantial financial and reputational risks.

Reference Links​
UBC Finance - PCI DSS Compliance
Information Security Standards – M10 Internet-facing Systems and Services
Information Security Standards – M6 Security of Wi-Fi Infrastructure
Information Security Standards – U3 Transmission and Sharing of UBC Electronic Information


There are a number of types of payment cards, the most common being credit cards, debit cards and prepaid cards. Most commonly, a payment card is electronically linked to an account or accounts belonging to the cardholder.

Engage UBC Treasury for all initiatives or project that requires:
     > anyone who stores, process or transmit cardholder data
     > payment application software development
     > payment hardware manufacturing

Answer N/A if your Unit does not handle any payment card information, not even through a vendor. If your unit uses a vendor for handling payment card information, this question IS applicable to you.
What is Acceptable?

Working with treasury to understand the requirements and compliance. Compliance must be renewed annually.


UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service. Bell Warning