3. Payment Card Industry - Data Security Standard (PCI-DSS)
Does your unit work with UBC Treasury to comply with the Payment Card Industry – Data Security Standard (PCI-DSS) requirements for all merchant payment card handling?
Why is this control essential?
PCI-DSS is a regulatory requirement. It prevents a threat actor from stealing cardholder data (CHD) and using it to commit fraud, which erodes consumer confidence and damages your reputation as a merchant. Non-compliance exposes the university to substantial financial and reputational risks.
Reference Links
UBC Finance - PCI DSS Compliance
Information Security Standards – M10 Internet-facing Systems and Services
Information Security Standards – M6 Security of Wi-Fi Infrastructure
Information Security Standards – U3 Transmission and Sharing of UBC Electronic Information
Instructions
There are a number of types of payment cards, the most common being credit cards, debit cards and prepaid cards. Most commonly, a payment card is electronically linked to one or more accounts belonging to the cardholder.
Engage UBC Treasury for all initiatives or projects that involve:
> anyone who stores, processes or transmits cardholder data
> payment application software development
> payment hardware manufacturing
Answer N/A if your unit does not handle any payment card information, not even through a vendor. If your unit uses a vendor to handle payment card information, this question IS applicable to you.
What is Acceptable?
Working with UBC Treasury to understand the requirements and achieve compliance. Compliance must be renewed annually.