Security of credit card data policy revised Security of credit card data policy revised

President Bardo has approved the following revision to the WSU Policies and Procedures Manual:

13.14/Security of Credit Card Data -- http://webs.wichita.edu/inaudit/ch13_14.htm
To improve the policy for purposes of the Payment Card Industry (PCI) Data Security Standards (DSS). The revisions to items 3 and 4 in the policy statement sharpen the specificity of retaining and destroying credit card data.

3. No credit card numbers or any documentation containing credit card numbers or cardholder data shall be transmitted or stored in any personal computer, or email account or any other form of electronic media used by an approved department or unit.

4. No paper documents, including but not limited to, paper receipts and hand-written notes, containing credit card numbers or cardholder data shall be permanently stored by an approved department or unit. Said documents must be destroyed within two days of processing.