Credit Card Processing and Security Policy
PURPOSE
The purpose of this policy is to define the guidelines for accepting and processing credit cards and storing personal cardholder information. The policy will help to ensure that cardholder information supplied to Yinka Ayefele Music Store is secure and protected.
POLICY
All transactions that Yinka Ayefele Music Store processes must meet the standards outlined in the policy.
- Electronic credit card numbers should not be transmitted or stored on a personal computer or e-mail account. Electronic lists of customer’s credit card numbers should not be retained. Credit card information should only be accepted online, by telephone, mail, or in person. This information should not be accepted via e-mail and departments should not e-mail credit card information.
- Physical cardholder data must be locked in a secure area. Access should be limited to individuals that require the use of the data. Access should also be restricted on a ‘need to know’ basis.
- Only essential information should be stored. Do not store the Card Verification Code (CVC). Do not store users PIN’s or the full data from a cards magnetic stripe.
- Credit card information should only be retained for the time needed to process, or if retained for reconciliation, for as long as one-year maximum if necessary.
- Credit card information, if it does not need to be retained, should be destroyed. Information should be destroyed by shredding (cross-cut) immediately after processing, or immediately after they no longer need to be retained.
- Credit card receipts may only show the up to the last five digits of the credit card number. If receipts show more than the last five digits, the receipts must be shredded or retained in a secure area.
- All departments must comply with the Payment Card Industry Data Security Standard.
SANCTIONS
If the requirements of the policy are not followed, suspension of physical and/or electronic payment options will result. Fines may also be imposed by the affected credit card company.
