UC must comply with the Payment Card Industry Data Security Standard (PCI-DSS). This means the University must not receive or store any credit or debit card info in emails, Teams, OneDrive and other messaging. If UC is found to be non-compliant, the bank could remove our ability to accept credit and debit card payments.
We’ve now tightened up the security around this and we’re using industry scanning tools to identify and block communications that meet certain rules.
What does this mean for you?
There are heaps of number sequences and number lengths that may be a credit or debit card number. This means some emails will be blocked if they contain info similar to credit and debit card numbers, e.g. personal memberships and loyalty cards like FlyBuys, aasmartfuel, Columbus Coffee, Accor etc.
If you have these, or any other comms that may contain these number references, emailed to your @pg.canterbury.ac.nz or @uclive.ac.nz address, it would be worth changing these to your personal email address.
If you need to email the UC Student Finance team to show proof of payment for refund purposes, make sure credit card/debit card numbers are blacked out of any supporting documents or your email won’t get through to the team for processing.
Will the sender know their message has been blocked?
If the message is internal to UC, then ‘yes’, the sender should see a message pop up before sending the comms, telling them that it is a likely breach and the email hasn’t been sent.
If the message is from outside UC, then ‘no’, the sender won’t know the recipient hasn’t received the email.
If you are trying to pay for an item by credit/debit card, this should be through a secure payment gateway. These details should never be included in an email.
Need more info?
If you have any concerns, or need any more information, please contact firstname.lastname@example.org