PCI DSS Compliance
Edinburgh Napier has launched a dedicated webpage to help staff handling customer card payment information to comply with Payment Card Industry Data Security Standards (PCI DSS).
Customers who pay by debit and credit card are increasingly susceptible to card fraud and identity theft, and the University and its staff have a responsibility to ensure that customer card information in its possession is handled safely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS) requirements.
PCI DSS is a worldwide data security standard governing the secure handling of cardholder details. Compliance is mandatory, and the University is required to validate its compliance annually.
The new webpage aims to facilitate staff awareness and in turn provide a greater level of protection for our customers, reduce the risk of cardholder data breaches and prevent fraud.
Although the programme is mandatory, it is not enforced by law. Instead, non-compliance penalties are carried out by the individual payment brands, and their severity depends on the number of transactions an individual organisation processes. Further penalties for not complying range from an increase in security auditing to losing the ability to process card transactions altogether.
All University staff involved in taking credit or debit card payments MUST comply with the University's PCI DSS policy.
PCI DSS Documents and Guidance
PCI DSS guidance documents can be found on the PCI DSS section of the Finance A-Z documents page.
Page maintained by Erik Hind, Corporate Systems / Information Services
Last Updated 01/Aug/2017 16:11