

Payment Card Industry Data Security Standard (PCI DSS)

To accept payment by debit and credit card, the University and subsidiaries must meet the requirements defined in the Payment Card Industry Data Security Standard (“PCI DSS”). PCI DSS is a worldwide information security standard defined and published by the Payment Card Industry Security Standards Council. The standard was created to help organisations that process card payments reduce the risk of payment card fraud through increased controls around cardholder information and its exposure to compromise. The standard applies to all organisations that store, process, or transmit cardholder information. Organisations that fail to meet the compliance requirements risk fines and/or losing their ability to process card payments. For further information, see the PCI DSS Compliance Guide.

The University's standard operating procedure describes the responsibilities and processes required to accept debit and credit cards as payment methods for goods and services provided by the University and subsidiaries.

The standard operating procedure describes how the requirements of PCI DSS will be applied to the permitted methods of accepting card payments. An “exception” is an alternative to one or more of the procedures specified in this document.

If you suspect an incident involving cardholder data, please refer to the Incident response plan for guidance.

For any other queries, please contact the PCI DSS team at pcidss@manchester.ac.uk.
