10. Payment Card Industry – Data Security Standard (PCI-DSS)
Does your unit work with UBC Treasury to comply with the Payment Card Industry – Data Security Standard (PCI-DSS) requirements for all merchant payment card handling?
Control or Process Description
UBC Treasury maintains PCI compliance for UBC. Units are expected to work with Treasury to evaluate the most efficient way to be PCI compliant and to maintain compliance on an ongoing basis.
Why is this Essential?
PCI-DSS is an industry standard for payment card handling enforced by acquiring banks and the PCI Security Standards Council. It prevents a threat actor from accessing cardholder data (CHD) and using it to commit fraud, which affects consumer confidence and damages your reputation as a merchant. Non-compliance exposes the university to substantial financial and reputational risks.
Reference Links
UBC Finance - PCI DSS Compliance
Information Security Standards – M10 Internet-facing Systems and Services
Information Security Standards – M6 Security of Wi-Fi Infrastructure
Information Security Standards – U3 Transmission and Sharing of UBC Electronic Information
There are a number of types of payment cards, the most common being credit cards, debit cards and prepaid cards. Most commonly, a payment card is electronically linked to an account or accounts belonging to the cardholder.
Engage UBC Treasury for all initiatives or projects that require:
> anyone who stores, processes or transmits cardholder data
> payment application software development
> payment hardware manufacturing
Answer N/A if your Unit does not handle any payment card information, not even through a vendor. If your unit uses a vendor for handling payment card information, this question IS applicable to you.
What is Acceptable?
Working with Treasury to understand the requirements and compliance. Compliance must be renewed annually.