How to keep payment card data secure
The Information Security Policy lets you know what your responsibilities are as a user of the Mount Royal University computer network. Understanding this policy protects you and the University.
- Everyone who handles payment card information is required to complete security awareness training. The training is delivered online through D2L Brightspace. If security awareness courses are not listed under My Courses in D2L Brightspace, you have not been registered for training.
- To register for training, complete the registration form.
- Do not process payment card information for another department.
- Do not accept payment card information over an unsecured phone, unsecured fax or email.
- Do not process payments from walk-ins on your computer. Direct them to an approved terminal.
- Do not transfer customers' calls from an unsecured phone line to a secured phone line for payment processing. Have them call the secured phone line directly.
To maintain our PCI compliance, all pin pads must be inspected for tampering daily and the inspection must be recorded in a log. Mount Royal has created Pin Pad Tampering Guidelines and an inspection log template to make this process easier. Not sure exactly what to look for during your inspection? Check out the following quick reference guides:
Have more questions? Check out the PCI Wiki. It contains all you need to know about receiving, storing and processing payment card data in one easy-to-search site.