E-Commerce

Procedures

Last modified 4/10/2020


Cardholder Data Collection & Processing Procedures

The University collects cardholder data for the exclusive purpose of processing card transactions, and procedures must be followed for the collection, processing, and disposal of cardholder data. 

Cardholder Data Retention Procedures

ISU does not have a legal, regulatory, or business need to store cardholder data after transactions complete. All cardholder data in ISU possession is deleted immediately after processing.

PCI-Compliant Password Procedures

The Payment Card Industry requires specific password and remote access procedures

Physical Device Inspection Procedures

Procedures must exist to maintain inventory and physically inspect physical PCI-compliant devices