Organizational Policy

Category: Other Topics

Date Submitted: 09/28/2014 01:57 PM

This policy and its procedures govern the proper handling of credit and debit card transactions processed through automated systems and manual processing. The policy is intended for any individual who will be accepting, storing, and processing credit and/or debit cards, either electronically or manually.

The policy covers any employee or individual who has access to process, accept, and store credit cards. It also covers any department that would have access to credit card information, such as technical support, and any staff member who would have access to this information.

The policy and procedures are in place to ensure that credit and debit card information is not exposed. Exposure could cause reputational damage and significant liabilities. Any individual who fails to comply with these policies and procedures will be subject to punishment by law and possible fines.

Anyone who accepts, stores, and processes credit and debit card payments is required to become PCI compliant. The five credit card associations, Visa, Mastercard, American Express, Discover, and JCB, have put together security standards called PCI and require that all individuals who process credit cards abide by them. Noncompliance with PCI can cause increased costs, suspension of the ability to accept credit cards, and extreme fines if an account is compromised. PCI security information can be found at https://www.pcisecuritystandards.org.

Procedures for handling and processing credit and debit card transactions:

1. PCI compliance is mandatory for any and all departments that process or have access to credit and debit card transactions and information.

2. Credit and debit card transactions can only be processed by trained individuals.

3. All persons who have access to this information or process these transactions are responsible for protecting this information.

4. Any credit and debit card information should be destroyed once it is no longer required to be kept.

5. Appropriate audits must be done to ensure...