Credit Card Data Securitycredit-card-security

The purpose of this document is to describe the responsibilities one assumes when one undertakes the collection, processing, storage, or dissemination of other people’s credit card data.

All credit card data printed on paper or received by fax must be protected against unauthorized access.

  • Do not keep credit (or debit) card numbers or copies of credit card payment slips on file.
  • Do not enter or store credit (or debit) card numbers in departmental databases, including computer hard drives, CDs, disks, and other external storage media.
  • Hand carry manual credit card payment slips to TCU cashiers on a daily basis using a secure envelope.
  • Do not transmit credit card data via email or the Internet unless the connection is secure or the information encrypted.
  • Store any credit card payment slips that have not yet been transmitted to the cashiers under lock and key.
  • Shred any existing paper documents that contain credit card data. Do not discard in the trash.
  • Delete credit card data from existing electronic databases, including computer hard drives, CDs, disks, and other external storage media.
  • Do not publicly display credit card data or leave unattended, even on your desk or the desk of a co-worker.
  • Do not disclose credit card data.

For further information on this certification requirement or assistance with sensitive personal information (SPI) protection, please see http://security.tcu.edu/SecuringSPI.htm or call Jim Mayne, TCU Information Services Network Security Engineer, at 817-257-6843.

Notify TCU Information Services Network Security Engineer, Aaron Munoz (817-257-6843 or a.v.munoz@tcu.edu).