Bursar FAQ's for PCI Compliance
Credit/debit card number, cardholder name, expiration date, security/CVV code.
Whenever possible, do NOT maintain paper/printouts. If needed, they should be stored in a locked filing cabinet or drawer with access limited to only those who need the information and destroyed per the records retention requirements in the PCI policy. http://www.usg.edu/records_management/schedules/.
No. Creating a document, even though it may not be saved on the computer, will create temporary copies of the cardholder data on the computer.
No. CSU computers may not be used to store or transmit cardholder data, even if the objective is to purchase University products or services. Only University-approved PCI-compliant hardware may be used for these tasks. To request a review of a specific need of this type or for any question related to this information, contact the Bursar’s Office or the Controller.
Depending on the situation, this may be allowed. If this is part of your job responsibilities, you must complete the University Cash Handling and PCI training (including periodic refreshers and updates) and/or consult with the University's Bursar’s Office to understand what is required to maintain PCI compliance.
No. Cardholder data should never be sent, received, or stored via email systems due to security concerns.
Depending on the situation, this may be allowed. To request a review of a specific need of this type, contact the Bursar’s Office.
CSU maintains mechanisms to support certain kinds of online credit card transactions. You must contact the Bursar’s Office and use one of the current approved PCI compliant methods.
All new software applications being considered by campus departments must go through a technology evaluation and security review as well as Bursar/Controller assessment. Contact ITS prior to discussions with a vendor so they can be involved in the process to determine if a similar solution already exists, ensure network compliance of proposed solution, and the ability to interface with other CSU systems. The requestor will be notified of the outcome of these reviews.
CSU maintains mechanisms to support certain kinds of online credit card transactions. You must contact the Bursar’s Office and use one of the current approved PCI methods.