Left to right: Christopher Law IPS, Jeff Dumba, associate vice-president of financial services and Shari Baraniuk, CIO and associate vice-president, information and communication technology.

U of S achieves high security compliance

Around the world organizations are being challenged to put higher standards in place to protect consumer credit card data.

By University Communications

The frequency and severity of credit card fraud has had a major financial and reputational impact on organizations that have fallen victim to cyber-attacks and data breaches, said Jeff Dumba, associate vice-president of financial services. The University of Saskatchewan (U of S), Dumba continued, is taking a lead in the area of financial information security by becoming one of only a few post-secondary institutions in Canada to obtain Payment Card Industry Data Security Standard (PCI DSS) compliance.

"We are doing our part to protect the financial information of the people who place their trust in us," said Dumba. "This collaborative initiative between Financial Services and Information and Communications Technology involved reviewing the security processes and technologies within all units on campus that accept, transmit or store card holder data to ensure they meet the PCI DSS standards."

Dumba acknowledged, "the achievement demonstrates how the U of S reacts to fulfilling their obligations and that's by putting the right people in the right position to achieve the right outcomes."

The ever-increasing demand for credit card security has created the opportunity for the U of S to embark on this path of compliance. Under the guidance of IPS, a qualified security assessor, the university completed the self-audit program to achieve the compliance accreditation.

Established by major card providers such as VISA, MasterCard, Discovery and American Express, the PCI Data Security Council develops security protocols to increase controls around cardholder data and reduce credit card fraud. The PCI DSS accreditation is granted to organizations that can meet and maintain the stringent PCI DSS compliance standards set by the council.

The U of S, explained Shari Baraniuk, CIO and associate vice-president, information and communication technology (ICT), met and exceeded those standards.

"We are pleased with the outcomes and receiving PCI DSS compliance as it reflects the serious commitment the University of Saskatchewan has made to the university community and our customers that trust us with sensitive payment card information," Baraniuk said.

While PCI DSS compliance is a significant achievement, Baraniuk stressed that "security compliance is not a one-time event or the accountability of a single department. Maintaining and approving upon these security standards is a shared responsibility amongst many partners on campus and we will remain committed to ensuring the right security measures are in place to protect the financial information of everyone that interacts with the university."