{"id":241,"date":"2020-01-22T20:08:53","date_gmt":"2020-01-22T20:08:53","guid":{"rendered":"https:\/\/www.furman.edu\/offices-services\/information-technology-services\/?page_id=241"},"modified":"2022-12-15T17:00:22","modified_gmt":"2022-12-15T17:00:22","slug":"credit-card-data-security","status":"publish","type":"page","link":"https:\/\/www.furman.edu\/offices-services\/information-technology-services\/policies-security\/credit-card-data-security\/","title":{"rendered":"Credit Card Data Security"},"content":{"rendered":"<p><strong>Information Technology Services: <\/strong>\u00a0Associate Vice President for Information Technology\u200b\u200b<\/p>\n<p><strong>Last Revised:\u00a0<\/strong>08\/19\/14<\/p>\n<p><strong>Title:<\/strong>\u00a0Credit Card Data Security Policy<\/p>\n<p><strong>Applicable:<\/strong>\u00a0Furman University (Students, Staff, Faculty)<\/p>\n<p><strong>Contacts:<\/strong>\u00a0Information Technology Service Center ext. 3277<\/p>\n<p><strong>Background:<\/strong>\u00a0The Payment Card Industry Data Security Standard (PCI-DSS) is an information security standard for organizations that handle credit card information. The major credit card providers require that all organizations that use credit cards must certify that they comply with the provisions of this standard annually.<\/p>\n<p><strong>Policy:<\/strong>\u00a0Any systems or processes that require the use of a credit card must be in compliance with current Payment Card Industry Data Security Standard. Furman University is required to comply with all PCI-DSS terms for protecting credit card and related personally identifiable information (PII).<\/p>\n<p><strong>Guidelines:<\/strong><\/p>\n<ul>\n<li>Furman complies with PCI-DSS by following the requirements of PCI-DSS Self Assessment Questionnaire B. Requirements of PCI-DSS Self Assessment Questionnaire B include:\n<ul>\n<li>Furman credit cards transactions may only be processed on-campus by imprint machines or dial-out terminals connected via a phone line to an approved credit card processor.<\/li>\n<li>Standalone dial-out terminals may not be connected to any other systems on Furman\u2019s campus.<\/li>\n<li>Standalone, dial-out terminals may not be connected to Furman\u2019s network.<\/li>\n<li>Furman will not transmit cardholder data over its network.<\/li>\n<li>Furman will retain only paper report or paper copies of receipts with cardholder data, and these documents are not received electronically,<\/li>\n<li>Furman will not store cardholder data in any electronic format.<\/li>\n<\/ul>\n<\/li>\n<li>University credit card transactions may be processed by approved third party payment vendors that meet the PCI-DSS security and privacy requirements.<\/li>\n<li>Any contract for information technology hardware, software, or services must be reviewed by the Director of Enterprise Systems for compliance with PCI-DSS and University PII standards before the contract is executed. Any contracts for systems, software, or services requiring the use of credit card transactions or other PII may only be executed on behalf of the University by the University\u2019s Chief Information Officer.<\/li>\n<li>A Furman-owned computer, or computing device (e.g., tablet or smartphone), on Furman\u2019s network may not act as a \u201cvirtual terminal\u201d to process credit card transactions to an approved third party payment vendor.<\/li>\n<li>No systems developed by ITS staff may collect or maintain personally identifiable information such as Social Security Numbers or credit card numbers.<\/li>\n<li>The use of third-party build-your-own web form services (e.g., Wufoo) to collect credit card information, or other PII, is prohibited.<\/li>\n<li>Exceptions to this policy may only be approved by the University\u2019s Chief Information Officer.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Information Technology Services: \u00a0Associate Vice President for Information Technology\u200b\u200b Last Revised:\u00a008\/19\/14 Title:\u00a0Credit Card Data Security Policy Applicable:\u00a0Furman University (Students, Staff, Faculty) Contacts:\u00a0Information Technology Service Center ext. 3277 Background:\u00a0The Payment Card Industry Data Security Standard (PCI-DSS) is an information security standard for organizations that handle credit card information. The major credit card providers require that all [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":89,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-241","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.furman.edu\/offices-services\/information-technology-services\/wp-json\/wp\/v2\/pages\/241","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.furman.edu\/offices-services\/information-technology-services\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.furman.edu\/offices-services\/information-technology-services\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.furman.edu\/offices-services\/information-technology-services\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.furman.edu\/offices-services\/information-technology-services\/wp-json\/wp\/v2\/comments?post=241"}],"version-history":[{"count":0,"href":"https:\/\/www.furman.edu\/offices-services\/information-technology-services\/wp-json\/wp\/v2\/pages\/241\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.furman.edu\/offices-services\/information-technology-services\/wp-json\/wp\/v2\/pages\/89"}],"wp:attachment":[{"href":"https:\/\/www.furman.edu\/offices-services\/information-technology-services\/wp-json\/wp\/v2\/media?parent=241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}