The University’s wireless Point-of-Sale (POS) terminal environment has been awarded official PCI DSS certification, guaranteeing secure management of payment card transaction data. This initiative is part of the Digital Campus Transformation Plan 2020–2025.
What is PCI DSS certification?
The PCI DSS standard was created to protect and better manage payment cardholder data. This and other related standards are overseen by a standard council founded by the major payment card issuers (Mastercard, Visa, American Express, etc.).
To obtain this certification, all faculties and services at the University that process, transmit, and store payment card data must provide, on a yearly basis, proof of compliance to applicable PCI DSS requirements and appropriate training to their support staff to ensure that their infrastructures and systems are compliant. Spearheaded by the PCI DSS Compliance Office within the University’s Financial Resources Department, the PCI DSS initiative at uOttawa has benefited from the support of several internal partners, including Information Technology, as well as external firms specializing in cybersecurity. The aim of this collaboration is, of course, to ensure ongoing compliance with the payment card industry’s demanding and constantly evolving security standards.
Tangible Benefits
PCI DSS compliance drastically reduces the risk of data leakage and unauthorized access to critical cardholder information. It also optimizes the security of payment networks, while strengthening confidence in the University and maintaining its reputation.
And that’s not all! A new version of the PCI DSS standard will come into effect in March 2024, raising its level of security and compliance requirements to include phishing, social engineering, and other attacks against electronic payment applications. The next step will be to assess their impact on uOttawa and then prepare the necessary action plans to bring it up to the new requirements.
The PCI-DSS standard is evolutionary. It constantly adapts and strengthens its security requirements, to meet new cyber threats and anticipate potential vulnerabilities. The University of Ottawa will take full advantage of this to ensure its digital future.
For more information on this initiative, please contact the PCI DSS Compliance Office.