Credit Card Handling

The Math Department processes credit card transactions under Merchant ID 000000002846611 (Houston Journal of Mathematics, or HJM) with a First Data FD100Ti point-of-sale swipe card machine.  This manual describes how the Department of Mathematics receives, stores, and destroys credit card information to comply with Payment Card Industry Standards and associated SAM and MAPP policies.


Cardholder Information Receipt

Credit card transaction requests are received via mail.  The transaction request should include the cardholder name, number, expiration date, card validation number (on the back side of the card), and the billing address.  The HJM Assistant takes the swipe card machine to the main office, unplugs the fax machine (holding on to the wire, otherwise it slips down), and plugs the swipe card machine into the outlet with the ┬ sign.

  • Process credit card transactions.
  • After processing all credit card transactions, before unplugging the machine, process a settlement to transfer the funds. 
  • Record the credit card transaction in the Audit log and make a receipt the same way.
  • Copy the settlement and give it to the Depositor while keeping one copy internally. 

In this process, the information is sent via the credit card machine to Bank of America, and the batch is run directly after the transaction is approved.  All originals and copies of the credit card number, as well as the expiration date and card validation number, are then collected by the HJM Assistant, who takes one copy, blacks out all but the last four digits of the card number, blacks out the expiration date and card validation number, makes a copy of the blacked-out copy (ensuring that none of the blacked-out information is legible), and cross-cut shreds all of the copies with the full number.  The copy with only the last four digits showing is filed in the HJM Assistant office and retained until the later of six months or the fiscal year end.  In addition, the machine is set to print only the last four digits of the card number on the credit card receipt.

 

Note:

1. If a situation arises in which you need to consult someone concerning the transaction, mask the whole credit card number except for the last four digits.

2. Do not consult with individuals not involved in the credit card process in the department.

3. Do not use the credit card number in the cash/check log.

4. In the event that an email is received containing cardholder data, the sender must be notified in a separate email of the HJM policies.  The email must never be forwarded or replied to directly.  The recipient must immediately print a copy of the email (for processing), delete the electronic version of the email, and purge the deleted records.

 

Cardholder Information Storage and Destruction

At all times after receipt, the credit card number is only in the possession of the HJM Assistant or the Certifier (DBA).  If neither the Assistant nor the DBA is present with the credit card number, it is kept at all times in a locked desk drawer.  The Assistant’s locked desk drawer is located in room 687 Hoffman Hall.  DBA approval must be obtained before this physical storage location is altered.

Note:

1. If credit card information is housed in a desk drawer, the desk drawer and the office in which the desk is located must be locked at all times that the Assistant or DBA is not present.

2. The credit card number, expiration date, or card validation number must never be scanned to any soft storage area.

3. The Department of Mathematics prohibits electronic access to merchant information at any time, because such access may download credit card numbers to an unprotected PC.

4. After 6 months or at the end of the fiscal year in which it was deposited, whichever is later, the copies kept in the HJM Assistant’s office must be shredded.

5. Destruction of the information must be by incineration or cross-cut shredding.

 

Approval of Modifications to this Manual

Modification of this manual requires approval of the HJM Managing Editor and the Mathematics Department Business Administrator (Certifier/DBA).  The approved modified manual must be included in the department’s online Business Manual and a copy of the modified manual must be supplied to the College Business Administrator and the Business Services Customer Service team.  This manual should be reviewed and modified prior to annual PCI compliance surveys coordinated by the University.

 

Certification of Receipt and Understanding of this Manual

Before receiving any credit card information or processing any credit card transactions or deposits, and each year prior to the annual PCI compliance survey coordinated by the University, all employees with any role in the credit card or cash handling process must complete the certification section of this manual by printing and signing the certification statement below.  This includes the HJM Managing Editor, the HJM Assistant, the Certifier/DBA, the Cash Depositor, and any other receivers, depositors, or others who come into contact with the credit card information.  The certification statement must be countersigned by the Department Business Administrator, confirming that the employee has completed the required training and meets the requirements to begin or continue to accept credit card payments.