E-Commerce
Procedures
Last modified 4/10/2020
Cardholder Data Collection & Processing Procedures
The University collects cardholder data for the exclusive purpose of processing card transactions, and procedures must be followed for the collection, processing, and disposal of cardholder data.
Cardholder Data Retention Procedures
ISU does not have a legal, regulatory, or business need to store cardholder data after transactions complete. All cardholder data in ISU possession is deleted immediately after processing.
PCI-Compliant Password Procedures
The Payment Card Industry requires specific password and remote access procedures
Physical Device Inspection Procedures
Procedures must exist to maintain inventory and physically inspect physical PCI-compliant devices