PCI DSS

PCI DSS is a set of security requirements governing the processing, handling and storage of credit, debit and other payment card details. The purpose of PCI DSS is to reduce the risk of card data theft and subsequent fraud, so that we provide a secure environment in which our customers can make payments.

The University needs to be compliant with PCI DSS as a condition of our contract with our acquiring bank. Any department that accepts payment by card must comply with the PCI DSS requirements, which will contribute to the compliance of the University as a whole. Please see the Guidelines page for information on how to comply with PCI DSS in your area.

Please ensure that you contact the PCI DSS Team as early as possible when planning changes to your card data environment, whether it is a change to existing processes or installing a new service. We will assess the change against University policy and PCI DSS requirements, and will contribute to tender processes to ensure that any solution procured is compliant.

As part of our compliance, all staff who come into contact with cardholder data must complete the PCI DSS Awareness module. Additional information for managers is also available; please see the Training page for more information.

Our compliance is reviewed annually, and activities including document reviews, outlet visits and questionnaires allow us to assess our processes against the requirements.

If you have any questions relating to PCI DSS and how it applies to you, please email the PCI DSS team at pcidss@contacts.bham.ac.uk.
