During 2012 the PCI Project team conducted a series of initial and follow-up visits to departments within Faculties and Divisions. As a result, a number of issues have been identified where the handling of cardholder data (CHD) is not fully compliant with the PCI DSS.
Remediation guidelines have been developed to assist in reducing the risk of CHD breaches. While some business practice changes can be made immediately to align with these guidelines, it is acknowledged that immediate full compliance with PCI DSS will not be possible and may be dependent on elements of an eCommerce solution.
A project to bring standardised eCommerce technologies to the University is currently in progress. The eCommerce project aims to provide an online option for making payments for the University’s goods and services. This should provide an improved overall payment experience for users and reduce the risk of data compromise by reducing the handling of CHD by University staff members. The eCommerce project is working closely with the PCI DSS compliance project to ensure PCI DSS compliance is in scope for any eCommerce solutions implemented.
The remediation guidelines have been sent to the Finance Managers in each area and can also be viewed under General Documentation on the FS website. Where possible, the University’s business practices should be reviewed and amended to address the PCI DSS compliance issues identified. For further information, visit the PCI web page on the Financial Services website or contact Leena Brij on x30088. Leena can provide advice on PCI DSS and/or assist with potential options to remediate local issues/instances of non-compliance.