Payment Security & PCI DSS Policy

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards defined and published by the Payment Card Industry Security Standards Council. The standard was created to help prevent payment card fraud through increased controls around data and its exposure to compromise, and it applies to all organisations that hold, process or exchange cardholder information.

You can find Imperial College London's Payment Information Security Policy and Cardholder Data Handling Procedure below. Both of these documents form part of our Payment Security Management System (PSMS), which is governed by our Payment Security Committee. If you have any queries about these documents, please email

 To report a payment security related incident, please refer to the incident reporting page.

 PSMS Payment Information Security Policy

PSMS Cardholder Data Handling Procedure

 All individuals handling card data are expected to comply with:

Conditions of use of IT resources

Information security policy

Change of vendor default password policy

Passwords – Code of Practice