Payment Card Features Other Payment Card Data Security University of Illinois All payment card data must be kept secure at Reminders Payment Card Data Security all times.  Never share logins and/or passwords with others, including coworkers. Important cardholder data is embossed and imprinted on the front and back of all payment  Receipts, invoices, recording mechanisms, (credit and debit) cards. or other transaction documentation can only show the last four digits of the Front of Payment Card payment card’s Account Number. Verification Number: American Express only  The payment card’s Expiration Date, Security Code and Verification Number Account Number should not be recorded on any transaction The University of Illinois processes thousands of documentation. payment card transactions every day.  Be aware of phishing methods that University employees, temporary hires, Expiration Date attempt to trick you into providing card students, or volunteers who process payment

Cardholder Name data for malicious purposes. Never card transactions on behalf of the University are responsible for protecting and securing card provide a customer’s payment card information at all times. information, such as Account Number, Back of Payment Card Expiration Date, Security Code or Contact Information Magnetic Stripe Verification by phone or e-mail. If you have questions or concerns about payment card security, or suspect someone of handling card data  Merchant Card Services and the insecurely, call Merchant Card Services at 217-244-9384, University’s card processor, Global or send an e-mail to: [email protected].

Payments, will never contact a University of Illinois department or unit to request a Office of Treasury/Merchant Card Services customer’s Account Number, Expiration 506 S. Wright St. Signature Panel Security Code: Rm. 254 Henry Admin Bldg, MC-363 Visa, MasterCard, Discover Date, Security Code or Verification Urbana, IL 61801

Number. Phone: 217-244-9384 Fax: 217-239-6719 Web: www.treasury.uillinois.edu/merchant_card_services The Magnetic Stripe contains the Account Number, Cardholder Name, and Expiration Date, but does not contain the Security Code or Verification Number. Why are we doing this? Payment Card Handling Security: Payment Card Handling Security: The University of Illinois has an obligation to Card Present Card Not Present safeguard payment card information. As a Card Present transactions are face-to-face, In a Card Not Present transaction, you manually University employee, temporary hire, student, where the customer physically presents the enter the payment card data that is provided by or volunteer who processes payment card actual payment card for a transaction. a customer via mail, telephone, or faxed order. transactions, you are responsible for protecting and securing card information at all times. The payment card’s Magnetic Stripe is swiped In addition to the Cardholder Name, Account during a Card Present transaction and read by Number, and Expiration Date, the card’s billing Payment card data should be treated as the terminal or point-of-sale (POS) magnetic address (includes street number and ZIP code) carefully as any other confidential information stripe reader. and Security Code or Verification Number must because the customer trusts that his/her be entered during a Card Not Present payment card information will be protected. A Personal Identification Number (PIN) is a transaction. private code which is not stored on the What happens if payment card payment card or within the Magnetic Stripe. Card Not Present Security information is lost or stolen? The customer must enter their PIN during a  Phone, U.S. Mail, and stand-alone fax Stolen payment card data might be used to Card Present Debit transaction. machines are the only secure methods make counterfeit cards or sold for illegal for accepting payment card information Card Present Security purposes, such as facilitating identity theft. to process a sale/transaction.  Shield the payment card from other Such a breach in security could result in  Never send or accept payment card customers while processing the significant monetary fines to the University and information via e-mail. tremendous loss of reputation and trust from transaction.  Do not keep a copy of payment card customers:  Keep the customer’s payment card in data, such as Account Number,  An expensive forensic investigation his/her view. Expiration Date, Security Code or must be performed to determine how Verification Number, after the  Never ask a customer for his/her the breach occurred and how much transaction has been authorized. private Personal Identification Number data has been lost. (PIN).  Never store payment card data  The University department will be fined electronically, such as in a database or for the breach and other associated spreadsheet.

costs, such as the forensic investigation.  Keep any papers containing payment

card information secure at all times.  The entire University could lose the privilege to continue accepting payment (credit and debit) cards.