Skip to main content

ITS News and Information

News and information from Information Technology Services

Credit Card Data Security

Business Office – Barbie Jefferson, Chief Financial Officer
Information Technology Services – Fred Miller, Chief Information Officer
Last Revised: 3/6/17
Title: Credit Card Data Security Policy
Applicable: Wofford College (Students, Staff, Faculty)
Contacts: IT Help Center ext. 4357

Background: The Payment Card Industry Data Security Standard (PCI-DSS) is an information security standard for organizations that handle credit card information. The major credit card providers require that all organizations that use credit cards must certify that they comply with the provisions of this standard annually.

Policy: Any systems or processes that require the use of a credit card must be in compliance with current Payment Card Industry Data Security Standard. Wofford College is required to comply with all PCI-DSS terms for protecting credit card and related personally identifiable information (PII).
 

Guidelines:

  1. The College Business Office is responsible for ensuring that Wofford College complies with PCI-DSS requirements.
  2. College credit card transactions may be processed by approved third party payment vendors that meet the PCI-DSS security and privacy requirements.
  3. Any contract for information technology involving the processing of credit cards, and related PII, must be reviewed and approved by the College’s Director of Purchasing and Risk Management.
  4. No systems developed by Wofford Information Technology Services staff may collect or maintain personally identifiable information such as Social Security Numbers or credit card numbers.
  5. The use of third-party build-your-own web form services (e.g., Wufoo) to collect credit card information, or other PII, is prohibited.
  6. Exceptions to this policy may only be approved by the College’s Chief Financial Officer.