Re: Data Encryption Policies

[Theresa M Rowe <rowe () OAKLAND EDU>]

The issue we had here is refunds.  Evidently, to process a
refund on a credit card, you must have the credit card
number.  How do you process refunds if you are not storing
the credit card number?
Theresa Rowe


---- Original message ----
> Date: Wed, 7 May 2003 11:15:11 -0400
> From: Brian Reilly <reillyb () GEORGETOWN EDU>
> Subject: Re: [SECURITY] Data Encryption Policies
> To: SECURITY () LISTSERV EDUCAUSE EDU
>
> We address this in our information security policy, online at
> http://www.georgetown.edu/policy/technology/security.htm.
In practice,
> similar to IU, we strongly encourage all e-commerce
providers on campus to
> use a central credit card processing service, and never
actually store cc
> data on their servers.
>
> --Brian
>
> ______________________________________________
> Brian Reilly, CISSP
> University Network Security Officer
> Georgetown University, UIS
> <reillyb () georgetown edu>
> +1 202.687.2775
>
>
> On Tue, 6 May 2003, Sallie F Wright/cis/evp/Okstate wrote:
>
> > Does anyone have a data policy for storing ssn and credit
card numbers
> > encrypted?
> > Sallie Fulsom Wright
> > CIS Information Technology
> > System Security Officer
> > 405 744-2752
> >
> > **********
> > Participation and subscription information for this
EDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/memdir/cg/.
> >
>
> **********
> Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/memdir/cg/.
Theresa Rowe
Assistant Vice President
University Technology Services
www.oakland.edu/uts - the latest news from University Technology Services at OU

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.