Milligan College is committed to respecting your privacy and the security of your personal information.
Credit Card Data Security
The policy covers the following specific areas contained in the PCI standards related to cardholder data: collecting, processing, transmitting, sorting and disposing of cardholder data.
Milligan has the following procedures and ensures that these components are maintained on an ongoing basis:
- Cardholder data collected are restricted only to those users who need the data to perform their jobs.
- Cardholder data, whether collected on paper or electronically, are protected against unauthorized access.
- All equipment used to collect data is secured against unauthorized use in accordance with the PCI Data Security Standard.
- Physical security controls are in place to prevent unauthorized individuals from gaining access to the personal computers, rooms, and cabinets that store the equipment, documents and electronic files containing cardholder data.
- The Department of Information Technology it responsible for PCI compliance for the electronic payment gateway (currently CashNet) and all other centrally administered servers that process, store or transmit cardholder data. Each department accepting payments is held responsible for PCI compliance for all departmental procedures and points of sale devices that process, store or transmit cardholder data. All controls, including firewalls and encryption, are documented and verified.
- Email is not used to transmit credit card or personal payment information, nor will it be accepted as a method to supply such information. In the event that it does occur, disposal as outlined in number 9 below is critical.
- No database, electronic file, or other electronic repository of information will store credit/debit card numbers, the full contents of any track from the magnetic stripe or the card-validation code.
- Portable electronic media devices are not be used to store cardholder data. These devices include, but are not limited, to the following: laptops, compact disks, floppy disks, USB flash drives, personal digital assistants and portable external hard drives.
- Cardholder data is destroyed immediately following the required retention period. Before disposal or repurposing, computer drives are sanitized in accordance with industry best practices.