Compliance with policies is primarily enforced through process and standard documents. A serious breach of the policy may constitute gross misconduct and lead to dismissal. Failure to follow this policy will be considered under the University's conduct procedure (Ordinance 10, section 4: ) and may result in disciplinary action. Compliance and Requirements: Compliance with this policy is mandatory. It also includes the issue and expiry dates, the cardholder’s name and the three-digit security code on the back of the card known as the Card Verification Value (CVV). ‘Credit/Debit card data’ or ‘cardholder data’ means most of the information on a credit card or debit card and includes the long 16-digit card number (Primary Account Number - PAN). The standard was created to increase controls around cardholder data to reduce credit card fraud. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover and JCB. This includes all members of the University (staff, students and associates), members of other institutions who have been granted federated access to use the University’s facilities, together with any others who may have been granted permission to use the University’s information and communication technology facilities by the Chief Digital and Information Officer. Scope: Everyone involved with handling credit and debit cards, credit and debit card data and the systems processing such data within the University of Bristol are subject to this policy.
It is designed to ensure we can meet the standards required by the Payment Card Industry’s Data Security Standard (PCI-DSS), which is a worldwide standard set up to help businesses (merchants) process card payments securely and reduce card fraud. This PCI-DSS Cardholder Data Policy is a sub-policy of the Information Security Policy (ISP-01) and outlines the University's requirement to comply with PCI DSS to process card payments. Monitoring and Compliance Responsibilities