
E-Commerce: Electronic Protection of Credit Card Holder Information Policy

Effective Date: June 2008

Updated: August 2009

Policy Statement

This policy defines the requirements for systems and technologies that utilize, capture, and store credit card information in support of e-commerce for the University.

 

Reason for the Policy

The University uses e-commerce to conduct business, which must adhere to the mandatory security standards and control requirements for protecting cardholders’ information.

 

Primary Guidance to Which This Policy Responds

This policy responds to the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS requirements for enhancing payment account data security were developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the adoption of consistent, comprehensive, industry-wide compliance requirements.

 

Responsible University Office & Officer

The office of Columbia University Information Technology Security is responsible for the maintenance of this policy, and for responding to questions regarding this policy.  The Chief Information Security Officer (CISO) is the responsible officer.

 

Revision History

This policy was established in March 2008. This policy was updated in August 2009 to include provision for web front-ends (i.e., website or webpage) using credit card information in support of e-commerce for the University.

 

Who is Governed by This Policy

This policy applies to individuals, schools, departments, centers, institutes, and programs (“University Departments”) that sell goods, services, information, or gifts and accept credit cards as a form of payment.

Who Should Know This Policy

Senior business officers, department administrators, all finance and administrative staff who accept credit cards as a form of payment; all technical staff that support business units which accept credit cards as a form of payment.

 

 

Exclusions & Special Situations

None

  

Policy Text

For the full policy text, please see the link in the right-hand menu.