Created: 12.4.2009/Updated 2/20/2013
Purpose: To ensure credit card information is collected and processed in a secure and timely manner.
Drake will honor the sensitivity of cardholder data and expectations that this information will be protected from misuse and loss and from unauthorized access, modifications and disclosure.
Credit card information is to be received by appropriate staff only.
Hardcopy containing credit card information will be processed timely and destroyed in a secure manner immediately after processing. Credit card information received by mail should be locked in a secure location until the number can be processed and destroyed.
Credit card information obtained via an onsite event must be processed at the event location via a method that does not require documenting the credit card number, eliminating the need to transport credit card information.
No electronic credit card numbers should be transmitted or stored in any personal computer, e-mail account, or server maintained outside of Drake OIT.
See Drake OIT Security & Policy site for requirements when working with technology.”
Colleges and/or Schools or departments that wish to accept credit cards for events must have approval from Business and Finance before proceeding with event and/or communication regarding event Colleges/Schools and/or departments wishing to accept credit cards for events using web based credit card processing or other programs must have the approval of Business and Finance before proceeding with the involvement of OIT personnel to begin working on this process.
Send policy comments to: Web Administrator
Responsibility for Administration: Vice President for Business and Finance
Department Policy Resides in: Business and Finance