Payment Card Industry FAQ
How do we change the settings on our POS swipe machine so it only prints the last 4 digits of the credit card number?
In most cases, the machine itself is already PCI compliant. It is the software in the POS swipe machine that needs to be updated.
For Chase Paymentech’s machine, you must call Chase Paymentech’s support at 1-800-265-5158 and ask them to provide the steps and open the software download channel. The process will take 3-5 hours per machine, depending on the internet connection used (dial-up or high-speed Ethernet).
Can the PCI team provide help with upgrading the POS swipe machine software?
Unfortunately, we cannot. This is because Chase Paymentech must open the download channel and allow the software to be propagated from their servers to your POS machines.
Is there a deadline to make the recommended changes?
Our goal is to comply with the standards by April 2010. However, we encourage the business areas to make the suggested changes as soon as possible. Please let the PCI team know if you have completed the changes.
What are the best practices for exchanging email with credit card information?
NEVER SEND: SFU members should never email credit card information, either in the text of the email or in an attached document. SFU cannot control incoming unsolicited email with credit card information but should discourage students/customers from sending email with sensitive cardholder information. Email is not secure, and copies of the email sometimes remain at the various points that it travels through.
DESTROY EMAIL: If an unsolicited email with credit card information is received, print the email and delete it afterward. After the transaction is processed, black out the first 12 digits of the card number and the card verification code (CVC) on the hard copy.
What are the best practices for retaining documents with cardholder information?
For any hard copies, after the transaction is processed:
- Black out the first 12 digits of the credit card number and the card verification code. Make sure this is done properly so that the blacked-out numbers cannot be seen.
- Make a copy of the blacked-out document (or scan it for electronic archival). This is the copy that you retain for archival purposes.
- Shred the original hard copies, as sometimes you can still “see” the number by holding the document up to a light.