Credit card information handling

Home Frequently Asked Questions (FAQ) z - Internal CS Credit card information handling....

As to remain compliant with PCI-DSS Regulations we require all staff that are inputting sensitive credit card information, PAN, CCV2, or Expiration information to be aware of and abide by set in place regulations.

Card information is never to be stored on our computers, network or in plain view.  Card information is never to be kept in plain text or received in an unencrypted transmission method.

If card information is received in such a method it is to be properly disposed of in accordance with 9.4.6 of the PCI DSS Regulations once no longer needed, and stored in a secured location until the time which it can be disposed of properly.  If you do not have a secure space to store the information get with Book Keeping to have them locked in a storage place.

When credit card information is received through phone  communications it is insured not to be recorded in the course of the conversation and IT is informed if sensitive information is recorded so that it can be destroyed in accordance with 9.4.7