Business Office – Chris Gardner, Chief Financial Officer
Information Technology Services – Fred Miller, Chief Information Officer
Last Revised: 06/11/19
Title: Payment Card Data Security Policy
Applicable: Wofford College (Students, Staff, Faculty)
Contacts: IT Help Center ext. 4357
Background: The Payment Card Industry Data Security Standard (PCI-DSS) is an information security standard for organizations that handle payment card information. The major payment card providers require that all organizations that use payment cards must certify that they comply with the provisions of this standard annually.
Policy: Any systems or processes that require the use of a payment card must be in compliance with current Payment Card Industry Data Security Standard. Wofford College is required to comply with all PCI-DSS terms for protecting credit card and related personally identifiable information (PII).
Guidelines:
- The College Business Office is responsible for ensuring that Wofford College complies with PCI-DSS requirements.
- Payment card information (credit or debit) may not be transmitted via email.
- College payment card transactions may be processed by approved third party payment vendors that meet the PCI-DSS security and privacy requirements.
- Any contract for information technology involving the processing of payment cards, and related PII, must be reviewed and approved by the College’s Director of Business Services and Risk Management.
- No systems developed by Wofford Information Technology Services staff may collect or maintain personally identifiable information such as Social Security Numbers or credit card numbers.
- The use of third-party build-your-own web form services (e.g., Wufoo) to collect credit card information, or other PII, is prohibited.
- Exceptions to this policy may only be approved by the College’s PCI Committee.
