Best Practices

• NEVER e-mail credit card information.
• Only employees who have a legitimate business need-to-know should have access to cardholder information.
• Sanitize credit card numbers on any document where the complete number is visible.
  • Blackout credit card number (first 12 digits) and then photocopy.
  • Shred the original, retain the copy.
  • Cut out/off and shred card information.
• Do not use wireless networks for the processing of Credit Cards.
• Protect computer networks with hardware firewall and intrusion detection / protection.
• Separate and encrypt credit card processing traffic from regular traffic.
• Do not store credit card information online if possible.
  • If it is; Separate with a hardware firewall, and utilize encryption.
  • Monitor network for intrusion and anomalies 24x7.
• Maintain all software, OS updates and virus signatures.
• Limit Internet usage on computers that process credit cards.
• Only retain information long enough to reconcile payments.
• Shred documentation containing credit card information when it is no longer needed for business or legal reasons.
• Lock computer terminals and paper storage areas when un-attended.

Treasurer's Office, 1220 Beardshear Hall
Ames, IA 50011-2044
Phone 515-294-4363, Fax 515-294-9982,

• ISU INDEX
• A
• B
• C
• D
• E
• F
• G
• H
• I
• J
• K
• L
• M
• N
• O
• P
• Q
• R
• S
• T
• U
• V
• W
• X
• Y
• Z