Credit Card Processing Information
Application to take credit cards
Application to become a merchant department
Important Policy and Process Changes to Help Protect Against Stolen Identities and Credit Card Fraud
From: firstname.lastname@example.org on behalf of Darwin, Mike [email@example.com]
Sent: Monday, October 03, 2011 1:25 PM
To: EMPLOYEE-L - All Samford Employees
Subject: [EMPLOYEE-L:4989] Important Policy and Process Changes to help protect against stolen identities and credit card fraud
To: Samford University Employees
From: Mike Darwin, Controller
David Hakanson, Chief Information Officer
Subject: Important Policy and Process Changes
Date: October 3, 2011
Due to regulatory requirements regarding payment instrument security and government identifier security, related policies and practices at Samford University have been revised. The regulations are intended to protect individuals from identity theft by guarding their Personally Identifiable Information (PII), and to protect both banks and individuals from credit card theft and fraud. Regulatory bodies include the Federal Trade Commission, Payment Card Industry Security Standards Council (PCI SSC), and others. PCI SSC regulates security for all credit card merchants (people and organizations who take credit cards), for American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. The policy and practice changes were necessary to conform to the requirements of the regulatory bodies, which include the requirement for specifics in the policies themselves, as well as specifics in operating practice and processes.
Policies that have changed:
4.21 Credit Card Processing and Security Policy is a new policy that is required by PCI SSC to meet security and compliance requirements. All areas of the University that accept credit cards for payment in any way are directly affected by compliance requirements and this policy. Persons involved in this activity need to read and be familiar with this new policy. Further communications will come to persons known to be affected in the near future.
6.02 Data and Applications Security Agreements, renamed from Confidentiality-Security Agreement Policy. The policy has changed to reflect the regulatory requirements and to modify our practice regarding activities related to payment instruments and government identifiers. In the near future, employees will sign (electronically) an updated Confidentiality-Security Agreement that includes new text prohibiting processing of government identifiers unless specifically approved by the Director of Human Resources, and prohibiting processing payment transactions unless specifically approved by the Controller. There are also changes related to Data and Applications Security Agreements (formerly Confidentiality-Security Agreement Addendum).
6.04 Computing and Information Technology Values and Policy has been updated regarding ID and password responsibilities and management, and storage of PII and financial instrument information.
These policies can be viewed in their entirety at the Human Resources web page using the following link http://www.samford.edu/humanresources/policymanual.aspx
800 Lakeshore Drive
Birmingham, AL 35229