Credit Card Security Tip Sheet
Credit Card Data Usage and Retention
- Storage and retention of credit card data must be the minimum length necessary to meet University and/or regulatory requirements.
- University policy prohibits retaining or storing the cardholder's full credit card number, the three-digit CVV code or the PIN verification value.
- At a minimum, the credit card number must be rendered unreadable for all stored or retained data.
- Media or storage containers with cardholder data must be labeled as "confidential".
- Cardholder data may not be sent via email, unless it is encrypted.
- Cardholder data must be secured against unauthorized removal and stored in a secured area.
- Any movement of cardholder data must be communicated to and pre-approved by the Treasurers Office.
- All physical areas containing cardholder data must have limited access.
- The preferred method of storage of cardholder data is a locked container.
- These areas must not be accessible to the public.
- All visitors to these areas must be escorted at all times by an employee with legitimate access.
- It is the department's responsibility to ensure the visitor's access to the area is authorized and logged for audit purposes.
- Visitors include employees, temporary employees, consultants, or contractors.
- Third parties with access to cardholder data must be contractually obligated to comply with the payment card industry security requirements.
- The third party must provide documentation to the University of their compliance level.
Deposit of Funds Form
- Do not send cardholder receipts with the DOF form - Cashiers Office does not need or want that detailed information.
- Attach and send only a transaction summary, settlement, batch or close report with individual card type subtotals to the Cashiers Office.
- The completed DOF form should show the total credit card deposit by credit card type and the supporting documentation should agree to the completed form.
- Include your department's Merchant ID # on the DOF form.
- The completed DOF form should show the total deposit by credit card type with an attached report that supports the information entered on the form.