1. UD PCI GUIDELINES
A guide for compliance with PCI DSS and the University of Delaware Payment Card Program
ALWAYS
Process payments immediately using a solution approved by Treasury Services
Store documents in a locked safe if they contain payment card numbers
Cross-cut shred portions of documents containing cardholder data immediately after processing
Permit only authorized employees access to cardholder information based on a current, legitimate business need
Mask or remove all but the last four payment card digits on terminals, computers and receipts
Complete periodic training and attestation for PCI- related security and awareness
Document all device inspections using a UD PCI Device Inventory and Tampering Checklist Form
Immediately report suspected fraud or security incidents to your unit head, the IT Security Office and Treasury Services
NEVER
Never enter payment card information directly into a CASHNet page from your desktop, laptop, or mobile device while connected to the University network (or direct a customer to do so)
Never payment card information or accept payment card information via or voic (if received: don’t process it, delete it and contact the customer)
Never store payment card numbers, CVVs, or PINs electronically (e.g., in a database or spreadsheet)
Never share your username and password with anyone