Business owners and their dedicated IT leads who are looking to purchase an e-commerce application or service from a service provider will need to anticipate, plan for, and advocate for a security assessment during the procurement phase. Such security assessments will involve a complete PCI DSS review of the service provider. Financial Resources reserves the right to reject merchant account applications if the PCI Compliance Office cannot confirm the service provider’s compliance with PCI DSS and their proposed payment transaction process.
Before a contract can be signed with, or awarded to, a service provider, the uOttawa business owner will need to ensure that any new or renewed master agreement between uOttawa and the service provider includes clauses governing PCI DSS.