Penn State University | Information Privacy and Security

home | phase i | best practices

Best Practices

NEVER e-mail credit card information.

Only employees who have a legitimate business “need-to-know” should have access to cardholder information.

Sanitize credit card numbers on any document where the complete number is visible.

Blackout credit card number (first 12 digits) and then photocopy.

Shred the original, retain the copy.

Cut out/off and shred card information.

Do not use wireless networks for the processing of Credit Cards.

Protect computer networks with hardware firewall and intrusion detection / protection.

Separate and encrypt credit card processing traffic from regular traffic.

Do not store credit card information online if possible.

If it is; Separate with a hardware firewall, and utilize encryption.

Monitor network for intrusion and anomalies 24x7.

Maintain all software, OS updates and virus signatures.

Limit Internet usage on computers that process credit cards.

Only retain information long enough to reconcile payments.

Shred documentation containing credit card information when it is no longer needed for business or legal reasons.

Lock computer terminals and paper storage areas when un-attended.


...home PHASE I PCI DSS FAQs Fact Sheet Best Practices Supporting Tools PSU Policies Links of Interest Educational Offerings	home \| phase i \| best practices Best Practices NEVER e-mail credit card information. Only employees who have a legitimate business “need-to-know” should have access to cardholder information. Sanitize credit card numbers on any document where the complete number is visible. Blackout credit card number (first 12 digits) and then photocopy. Shred the original, retain the copy. Cut out/off and shred card information. Do not use wireless networks for the processing of Credit Cards. Protect computer networks with hardware firewall and intrusion detection / protection. Separate and encrypt credit card processing traffic from regular traffic. Do not store credit card information online if possible. If it is; Separate with a hardware firewall, and utilize encryption. Monitor network for intrusion and anomalies 24x7. Maintain all software, OS updates and virus signatures. Limit Internet usage on computers that process credit cards. Only retain information long enough to reconcile payments. Shred documentation containing credit card information when it is no longer needed for business or legal reasons. Lock computer terminals and paper storage areas when un-attended.
Privacy and Legal Statements \| Copyright 2007 The Pennsylvania State University \| Contact Us