Policy Tracking | Date |
---|---|
Approved | Insert date |
Revised | February 15, 2016 |
Reviewed | Insert date |
Credit card processing at the College complies with the Payment Card Industry Data Security Standards (PCIDSS). The following security requirements have been established by the payment card industry and adopted by the College to ensure compliance with the payment card industry. These requirements apply to all employees, systems, and networks involved with credit card processing, including transmission, storage, or electronic and paper processing of credit card numbers.
Authorized Employees
Credit card processing for official college business is restricted to Business Office personnel and other personnel authorized by the Chief Financial Officer. No other College employees are authorized to process such information for any reason.
Training
College employees who process credit card information or who have access to this information will complete annual data security training.
Procedures
Each College employee who processes credit card information must strictly adhere to the following:
Data Retention
Credit card information, including the card number, cardholder name, CVV code, and expiration date, should not be retained for any reason.
Restrictions
Employees may not send or process credit card data in any insecure manner, including transmitting such data via mail, courier, email, or instant messaging. Credit card information may not be left exposed to anyone.
Network and Infrastructure
The Information Technology Department maintains additional procedures to ensure compliance with PCIDSS. These include:
Compliance
The College shall annually submit a PCIDSS security questionnaire to the North Carolina Community College System to ensure compliance with the PCI Data Security Standards.