Safe Credit Card Handling Policy
Contact
Information Technology Services (ITS)Humanities 316
651-696-6525
helpdesk@macalester.edu
Hours
Macalester College is dedicated to protecting your privacy and handling your information in a secure and confidential manner. All credit card transactions occur over secure connections in accordance with established industry guidelines, to protect you from any loss, misuse or alteration of information collected.
At Macalester, credit card security is very important. All credit card transactions processed at Macalester must comply with the Payment Card Industry Data Security Standard (PCI DSS), which is an information security standard for organizations that handle branded credit cards. The Payment Card Industry (PCI) Security Standards Council has developed a set of financial and information technology standards, called Payment Card Information Data Security Standards (PCI-DSS), to protect credit cardholders’ data.
Macalester College accepts credit cards as payment for a variety of goods and services. By accepting credit cards, Macalester assumes the responsibility of protecting cardholder data. Business Services manages the credit card compliance process at Macalester and partners with all departments that process credit cards to ensure processes and procedures align with this policy.
The PCI-DSS requirements vary depending on how the merchant (in this case, Macalester College) processes credit card transactions. Business Services is aware of all credit card processing for the College and works to ensure that each credit card processing arrangement is PCI compliant. It is the policy of Macalester College that no credit card numbers may be stored in any electronic or paper format for any reason. As such, Macalester has NO credit card processing arrangement that stores credit card numbers in any form. Business Services works with departments to ensure arrangements with third party or online providers are PCI-DSS compliant.
Campus PCI Practices Reviewed Annually
An annual review of Campus PCI practices will be led by the Business Service Systems Manager with the participation of Campus partners who accept credit card payments. The annual review will include compliance enforcement, review of Data Breach protocols, review of contacts, systems, provisioning, credentials, documentation and training. A detailed plan will be maintained by the Business Services System Manager.