CSP - IT Rep - Payment Card Information Protection

 

Payment Card Information Protection

 
 

3. Payment Card Industry – Data Security Standard (PCI-DSS)

Does your unit work with UBC Treasury to comply with the Payment Card Industry – Data Security Standard (PCI-DSS) requirements for all merchant payment card handling?


Why is this control essential?

PCI-DSS is a regulatory requirement. It prevents a threat actor from stealing cardholder data (CHD) and using it to commit fraud, which affects consumer confidence and damages your reputation as a merchant. Non-compliance exposes the university to substantial financial and reputational risks.


Reference Links
UBC Finance - PCI DSS Compliance
Information Security Standards – M10 Internet-facing Systems and Services
Information Security Standards – M6 Security of Wi-Fi Infrastructure
Information Security Standards – U3 Transmission and Sharing of UBC Electronic Information

Instructions

There are a number of types of payment cards, the most common being credit cards, debit cards and prepaid cards. Most commonly, a payment card is electronically linked to an account or accounts belonging to the cardholder.

Engage UBC Treasury for all initiatives or projects that involve:
     > anyone who stores, processes or transmits cardholder data
     > payment application software development
     > payment hardware manufacturing


Answer N/A if your unit does not handle any payment card information, not even through a vendor. If your unit uses a vendor for handling payment card information, this question IS applicable to you.

What is Acceptable?

Working with UBC Treasury to understand the PCI-DSS requirements and comply with them. Compliance must be renewed annually.