FAQ

FAQ

What is PCI?

PCI stands for Payment Card Industry. ThePCI Security Standards Council (PCI SSC) , is an independent body that was created by the major payment card brands (Visa, MasterCard, American Express). It manages and administers the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards designed to ensure that ALL merchants who process, store or transmit payment card information maintain a secure environment. However, it is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI SSC.

Who does the PCI DSS apply to?

The PCI DSS applies to all merchants who accept, transmit or store any cardholder data regardless of size or number of transactions.

Where can I find documents relating to the PCI DSS?

The current documents can be found on the PCI SSC website.

If we are using third party processors do we still have to be PCI DSS compliant?

Yes. Just by using a third-party service provider it does not exclude a merchant from PCI DSS compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance. However, it does not mean they can ignore the PCI DSS.

Who initiates the Annual Self-Assessment Questionnaire?

Each business unit belonging to the Commerce Group will be contacted by Financial Services to begin the annual SAQ process.

Who oversees the Commerce group PCI compliance process?

The Manager, Commerce & Receivables will oversee the Business Unit portion for PCI compliance.

Faculties

Students

Campus

Contact Us