The increased responsibility of accepting payment cards requires every merchant to be very careful in handling transaction data. Specifically, when maintaining or storing customers card numbers, it must be done in a secure fashion. Payment Card Industry Data Security Standards (PCI DSS) pertain to ALL transactions whether initiated via the telephone, over the counter, mail order, Internet, etc.

There are very specific guidelines and requirements regarding university data management and security that have been developed by the University Information Policy Office. These guidelines can be found on the web at https://datamanagement.iu.edu/.

Indiana University policy prohibits storage of credit card numbers in any database, computer, or LAN system. Transferring credit card numbers via unsecured channels (ex: email, unsecured fax, campus mail, etc.) is also prohibited.

Contact Payment Card Services