Accepting card payments: what you need to know

28 Jul 2021

How to protect yourself and our customers, suppliers and banks

What is PCI DSS?

The Payment Card Industry Data Security Standard, known as PCI DSS, is a set of requirements which explains how to protect yourself and customers when taking payments. We are currently being assessed as part of an annual process to ensure we are compliant for another year from the end of September 2021.

Why is it so important?

Financial fraud involving card payments totalled £1.2 billion in 2019. It is still a major problem and our University needs to ensure that we protect the personal details of any staff or students who make a card payment. Card data is packaged and sold to fraudsters – it is worth more if personal details are also available. British Airways was fined £20million in 2020 for their data breach which affected more than 400,000 customers.

How do we tackle card fraud at our University?

All parties involved in processing, storing or transmitting cardholder data need to protect data in accordance with PCI DSS standards.

People – All staff taking and supporting card payments are required to undertake the training and must be aware of their role and responsibilities.
Processes – All processes for taking and supporting card payments must be secure and approved by the Directorate of Finance.
Technology – The University card payment networks and infrastructure must be secure, and physically and logically segmented from the wider network.

What you need to do

All University staff should be aware of PCI DSS and the implications of non-compliance.
Staff involved in taking card payments should receive appropriate training from members of the Income Office.
If you take or process any card payments on behalf of the University your line manager should ensure that you receive the relevant support and training. If you haven’t received this, would like further information, or would like to report anything please contact us PCIDSS@manchester.ac.uk