
Banking information (Direct Debit/Credit Card etc.)

In today’s environment, card data security has become important for every type of business that accepts card payments. If a school accepts card payments, whether in a face-to-face or card-not-present environment, it must secure all card information using the global industry standards.

The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard that sets out a comprehensive set of requirements for protecting payment account data.

Requirements for all schools/ETBs that accept card payments

The PCI DSS includes 12 key requirements which apply to schools/ETBs that accept or process card payments. These are:

  1. Install and maintain a firewall configuration to protect data
  2. Do not use vendor-supplied defaults for passwords or other security parameters
  3. Protect stored data
  4. Encrypt the transmission of cardholder data and sensitive information
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security

These requirements apply to all schools/ETBs that store, transmit or process payment card data.