Introduction
Purpose
There are specific standards that must be adhered to with regard to the processing or retention of card holder data. Card holder data is defined as, a full personal identification number, card holder name, expiration date and/or service code, additional sensitive information.
Scope of Applicability
This procedure applies to any official or administrator with responsibilities for managing university payment card transactions and those employees entrusted with handling payment card information.
Procedure
The customer's copy of a payment card transaction may not contain the primary account number (pan) and expiration date. Only the first six and last four digits of the card number may be printed. In accordance with Payment Card Data Security Standard requirement 3, Information that cannot be stored or retained in any form includes the 3-digit Card Validation Value or Code (CID/CAV2/CVC2/CVV2) located on the back of the card within the signature panel, magnetic stripe data (CAV/CVC/CVV/CSC) and personal identification number (PIN) data (number entered by a card holder during a card-present transaction and/or encrypted PIN block present within the transaction message). In the case of online payment transactions must be outsourced to a PCI compliant third-party.
Use of University Owned Computers as Payment Terminals
The use of university owned computer terminals as payment devices is strictly prohibited. Online payments must be outsourced to a PCI compliant third-party and initiated by the consumer. Online merchant department staff should never see credit card numbers, take them over the phone, by fax or email.
External Regulations and Consequences
University Policies, Standards, and Procedures
Contact Information
Primary Contacts
Subject |
Contact |
Telephone |
E-Mail |
General Questions and PCI Compliance |
Merchant Services |
919-843-0420 |
certifi@unc.edu |
Deposits and Reconciliation |
Cashier's Office |
919-962-5846 |
deposits@unc.edu |
Data Security |
ITS – Information Security |
919-962-4357 |
security@unc.edu or certifi@unc.edu |
TouchNet Connection |
TouchNet Administrator |
919-445-9319 |
certifi@unc.edu |
Important Dates
- Effective Date and title of Approver: July 1, 2006
- Revision and Review Dates, Change notes, title of Reviewer or Approver: July 18, 2011
- July 8, 2015: Updated information on PIN data.