Policy information pertaining to the Payment Card Industry – Data Security Standard (PCI-DSS), and McMaster University Merchant requirements, is incorporated in Policy for the Acceptance of Payment Cards and eCommerce Payments. and The Information Security Policy can be found in link https://informationsecurity.mcmaster.ca/section/policy/.

McMaster University has targeted policy compliance for the university at the Self Assessment Questionnaire (SAQ) “C” level in order to cover the majority of our merchants who are using SAQ-A through C processes.

All McMaster University merchants are required to be in compliance with the PCI-DSS and McMaster University Policies, specifically Policy for the Acceptance of Payment Cards and eCommerce Payments. Overall responsibility for coordination of PCI compliance rests with McMaster University IT Security and Financial Affairs.

The following guidelines are presented to assist Merchants with understanding their role in compliance with PCI-DSS.

• Procedures for the Acceptance of Payment Cards and eCommerce Payments
• Fraud Policy
• Statement on Collection of Personal Information and Protection of Privacy
• Skimming Prevention – Best Practices for Merchants
• Chargeback tips

Terms of Reference