Information Technology Services – Fred Miller, Chief Information Officer

Last Revised: 08/19/14

Title: Credit Card Data Security Policy

Applicable: Furman University (Students, Staff, Faculty)

Contacts: Information Technology Service Center ext. 3277

Background: The Payment Card Industry Data Security Standard (PCI-DSS) is an information security standard for organizations that handle credit card information. The major credit card providers require that all organizations that use credit cards must certify that they comply with the provisions of this standard annually.

Policy: Any systems or processes that require the use of a credit card must be in compliance with current Payment Card Industry Data Security Standard. Furman University is required to comply with all PCI-DSS terms for protecting credit card and related personally identifiable information (PII).

Guidelines:

  • Furman complies with PCI-DSS by following the requirements of PCI-DSS Self Assessment Questionnaire B. Requirements of PCI-DSS Self Assessment Questionnaire B include:
    • Furman credit cards transactions may only be processed on-campus by imprint machines or dial-out terminals connected via a phone line to an approved credit card processor.
    • Standalone dial-out terminals may not be connected to any other systems on Furman’s campus.
    • Standalone, dial-out terminals may not be connected to Furman’s network.
    • Furman will not transmit cardholder data over its network.
    • Furman will retain only paper report or paper copies of receipts with cardholder data, and these documents are not received electronically,
    • Furman will not store cardholder data in any electronic format.
  • University credit card transactions may be processed by approved third party payment vendors that meet the PCI-DSS security and privacy requirements.
  • Any contract for information technology hardware, software, or services must be reviewed by the Director of Enterprise Systems for compliance with PCI-DSS and University PII standards before the contract is executed. Any contracts for systems, software, or services requiring the use of credit card transactions or other PII may only be executed on behalf of the University by the University’s Chief Information Officer.
  • A Furman-owned computer, or computing device (e.g., tablet or smartphone), on Furman’s network may not act as a “virtual terminal” to process credit card transactions to an approved third party payment vendor.
  • No systems developed by ITS staff may collect or maintain personally identifiable information such as Social Security Numbers or credit card numbers.
  • The use of third-party build-your-own web form services (e.g., Wufoo) to collect credit card information, or other PII, is prohibited.
  • Exceptions to this policy may only be approved by the University’s Chief Information Officer.

Connect with Admission

Furman University is one of the nation's premier undergraduate liberal arts colleges. We offer outstanding academics, opportunities for a broad range of talented students with a passion for learning, a robust arts program, and NCAA Division I athletics.

Want more information about the admission process at Furman?

Contact us

Once you see our campus, making the right college decision will be so much easier.

Plan a visit

Undergraduate Evening Studies provides adults the opportunity to receive an education from one of the premier liberal arts universities in the nation.

Whether you are starting or continuing your education, or have been away from the classroom for a few months or several years, our program provides many services to assist you with accomplishing your educational and professional goals.

Apply now

Our graduate studies program is designed for the professional educator.

We know the challenges teachers and administrators face every day, and we are committed to helping you become a leader within your school system or district.

Apply now