Payment Card Data Security Guideline

Legislative History:

Approved by the President and Vice-Presidents; July 1, 2012

Approval Authority: President

Signature: Mamdouh Shoukri

Description: Establishes the standard for all York University departments, offices and units accepting payment card transactions. Has associated Procedure.


Accepting payment card transactions is a convenient way to handle the sale of goods and services at York University. By accepting payment cards for transactions, the University has a responsibility to protect cardholder data and to ensure the security of that information.


In accepting payment cards, York University must comply with cardholder data protection and security requirements as established by the Payment Card Industry Data Security Standard ("PCI DSS").


All York University departments, offices and units accepting Payment Card transactions ("merchants") will be required to demonstrate their ongoing compliance with the PCI DSS, as outlined in the associated Procedures.


The Vice-President Finance and Administration shall authorize Procedures as necessary or desirable to give effect to this Guideline.