Introduction

The PCI DSS Committee was founded in 2006 by American Express, Discover, JCB International, MasterCard and Visa Inc. They share equally in the governance and execution of the Council's work. Their aim is to ensure that businesses provide a secure environment for their customers to make payments, reducing the risk of card data theft and fraud.
 

The Payment Card Industry Data Security Standard (PCI DSS) requirement is necessary for all institutions accepting credit/debit card payments. Without compliance the College cannot accept card payments. Failure to meet the requirements can expose the College to large fines and increased surveillance/audit costs should a security breach occur. In addition, should a breach occur and non-compliance be evidenced, the College will also be held accountable for all fraudulent spending and, significantly, any regulatory fines for data protection breaches.

Imperial College is a member of the PCI DSS Special Interest Group (SIG) and has set up an IC PCI DSS committee to ensure Imperial College maintains PCI DSS compliance. They can be contacted via email at pcidsscom@imperial.ac.uk

The Committee has the following responsibilities:

  • Helping to formalise and complete a PCI DSS compliant process and environment within your allocated area (project work)

  • Helping maintain ongoing compliance (ongoing work)

  • Maintaining a knowledge base within the chosen area (ongoing work)

  • Assisting in the completion of the PCI DSS questionnaire required for compliance (annual work)

  • Holding formal meetings on PCI DSS compliance at least quarterly (ongoing work)


In order to be PCI DSS compliant, the College must meet the 12 PCI DSS requirements.

Goals: Build and Maintain a Secure Network
PCI DSS Requirements:
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
 
Goals: Protect Cardholder Data
PCI DSS Requirements:
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
 
Goals: Maintain a Vulnerability Management Program
PCI DSS Requirements:
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
 
Goals: Implement Strong Access Control Measures
PCI DSS Requirements:
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
 
Goals: Regularly Monitor and Test Networks
PCI DSS Requirements:
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
 
Goals: Maintain an Information Security Policy
PCI DSS Requirements:
12. Maintain a policy that addresses information security for employees and contractors
 
All staff who have contact with a customer's card data should be aware of the PCI DSS requirements.