Re: PCI Question-Credit Cards via Fax

[Felecia Vlahos <fvlahos () COX NET>]

Janet,

We accept faxes with the same restrictions you listed below (and a policy
requiring the University Controller's approval).  Many of our foreign
students rely upon fax for registration.  In the US we take for granted
our access to the Internet, but not everyone can register and pay online.

A trick presented at the Long Beach Treasury Institute PCI Seminar was to
have the payment info at the top and/or bottom of forms (used for fax, in
person, or mail in).  Then tear off and discard immediately (or store
separately) credit card info after payment is recorded.

Felecia Vlahos, CISSP
Information Security Officer
San Diego State University

On Fri, 02 Apr 2010 12:56:16 -0600, j.price <j.price () domail maricopa edu>
wrote:

> Does your institution accept credit cards via FAX?
>
> There are a number of security issues involved because a student sends
> first and last name, address, phone number, prior name, credit card
> number and expiration date.
>
> I have thought of designating one fax machine to receive the faxes, have
> the fax machine in a locked room with limited access.
>
> Any other suggestions besides eliminating the process all together?
>
> Thanks,
> Janet