Processing Best Practices

  1. Never accept credit/debit card transactions through email or by unsecured fax. If your department has no other means to accept credit card information, immediately contact Payment Card Operations.
  2. If accepting credit/debit card information over the phone, process while customer is on the phone. Any documents that contain card information must be shredded immediately upon processing of payment.
  3. Never retain paper or electronic data that contains the customer’s payment card number. Storage of cardholder data is NOT permitted at the University of Florida.
  4. Never store credit/debit card data on:
    • Any computer that is not professionally managed, such as your home computer
    • A laptop computer, tablet or smart phone or other portable devices
    • Removable media such as CDs, DVDs and USB thumb drives
  5. Annual training is required to retain job duties involved with handling credit/debit card payments.
  6. Separation of duties should be clearly mandated. No single individual should be processing payments, creating refunds and reconciling credit card revenue.
  7. Truncate all but the last four digits of credit card numbers on any document where the complete number is visible (after the transaction has been successfully processed).
  8. Permit only employees who have a legitimate business “need-to-know” access to cardholder information.
  9. Settle credit/debit card sales at the end of each day to secure next day funding.
  10. Record daily credit/debit card settlements in PeopleSoft if possible the following day.