FN 16 Payment Card Handling and Acceptance (formerly 05-11-02)

Summary

This policy establishes the requirements for the acceptance and management of payment cards in any area of the University where payment cardholder data is collected, stored, or transmitted. Use of the term “payment card” shall include, but not be limited to, such terms as credit cards, debit cards, check cards, and other similar cards or applications that convey payment information. The University must comply with the Payment Card Industry (PCI) Data Security Standards (DSS) which is required of all merchants and service providers that store, process, or transmit cardholder data and applies to all payment channels, including retail, mail/telephone order, and e-commerce. These standards include controls for handling and restricting payment card information, computer and internet security, as well as the reporting of a payment card information breach. Security requirements for payment cardholder data must be strictly enforced to prevent breaches of personal information, significant fines to the University, and/or loss of reputation or good will. Failure to follow this policy may result in the loss of payment card processing privileges for the University department or unit and may result in employment action against individual employee(s).