The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, etc. cards.
Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around credit card fraud. As a small volume organization under the standards, the USM Foundation validates our compliance with the standards on an annual basis via a self-assessment questionnaire.
All units and personnel that collect credit card payment information are required to abide by the following security guidelines to prevent the loss or disclosure of customer credit card information in accordance with these standards.
- Credit card payments may be received via telephone, mail, web site, or point of sale.
- Card holder signatures must be obtained for mail and point of sale transactions
- All credit card payment information received must be promptly forwarded to the department responsible for processing gifts for a particular campus
- Credit card information must be sent in a sealed envelope marked “CONFIDENTIAL” and addressed to the appropriate person/department.
- Do not fax or e-mail credit card information
- Do not label the envelope “Credit card information
- Do not share, disclose, duplicate or store, in any fashion, a record of cardholder information
- Cardholder information must be kept in a secure location, such as a safe or locked file cabinet or drawer, when left unattended during regular working hours or overnight. You should treat credit card information as securely as you would treat cash
- Once a credit card transaction has been processed and approved the credit card number should be redacted from any donation forms or other documentation accompanying the payment
Credit card gifts are recorded in the Advance donor software system after the transaction has been authorized. These gifts are posted to the appropriate USM Foundation account throughout the month. Fees associated with the credit card transaction are charged to the account as an expense at month-end as part of the credit card bank reconciliation process.
Non-gift credit card receipts are recorded to the appropriate USM Foundation accounts at month-end as part of the credit card bank reconciliation process and are also charged the associated fees.
Credit card fees are allocated as a flat percentage of the credit card charge. This percentage is determined by the USM Foundation Director of Business Operations and is set so as to cover all of the various credit card and bank fees associated with processing a credit card transaction. This fee percentage is reviewed periodically and adjusted as needed to ensure all credit card fees are being allocated.