Educause Security Discussion mailing list archives
Re: PCI Question-Credit Cards via Fax
From: Felecia Vlahos <fvlahos () COX NET>
Date: Mon, 5 Apr 2010 09:59:31 -0600
Janet, We accept faxes with the same restrictions you listed below (and a policy requiring the University Controller's approval). Many of our foreign students rely upon fax for registration. In the US we take for granted our access to the Internet, but not everyone can register and pay online. A trick presented at the Long Beach Treasury Institute PCI Seminar was to have the payment info at the top and/or bottom of forms (used for fax, in person, or mail in). Then tear off and discard immediately (or store separately) credit card info after payment is recorded. Felecia Vlahos, CISSP Information Security Officer San Diego State University On Fri, 02 Apr 2010 12:56:16 -0600, j.price <j.price () domail maricopa edu> wrote:
Does your institution accept credit cards via FAX? There are a number of security issues involved because a student sends first and last name, address, phone number, prior name, credit card number and expiration date. I have thought of designating one fax machine to receive the faxes, have the fax machine in a locked room with limited access. Any other suggestions besides eliminating the process all together? Thanks, Janet
Current thread:
- PCI Question-Credit Cards via Fax j.price (Apr 02)
- <Possible follow-ups>
- Re: PCI Question-Credit Cards via Fax Hudson, Edward (Apr 02)
- Re: PCI Question-Credit Cards via Fax Dave Ferguson (Apr 03)
- Re: PCI Question-Credit Cards via Fax Felecia Vlahos (Apr 05)