Terminal Credit Card devices

["Gibson, Nathan J. (HSC)" <Nathan-Gibson () OUHSC EDU>]

HELP!!!!

 

As anyone ran into an issue where terminal credit card devices print the
full credit card number on the MERCHANT copy of sales receipts. 

 

How did you approach this issue. I have found that some credit card
companies require the full credit card numbers to be printed on MERCHANT
copies of the receipt and that it be retained for up to 24 months after
the sale,  while others don't. And then to put icing on the cake we have
the PCI-DSS that tells us to not store anything unless it has a
legitimate business justification. 

 

So which document do you base your organization policies on-The Merchant
Operation agreement that tells you to keep the full credit card number,
or - Your Business Managers and the PCI-DSS,  that don't want to keep
the numbers. 

 

V/R,

Gibby

Nathan J. Gibson, CISSP-CISM-CCNA-MCSA

Information Security Analyst

The University of Oklahoma HSC

Office: (405) 271-2476 | Fax: (405) 271-2181 | Cell: (405) 397 5134

http://it.ouhsc.edu/services/infosecurity
<http://it.ouhsc.edu/services/infosecurity> 

______________________________________________

 

"Lack of will power has caused more failure than lack of intelligence or
ability." 
-- Flower A. Newhouse --

 

Confidentiality Notice

This e-mail, including any attachments, contains information from the
University of Oklahoma Health Sciences Center, which may be confidential
or privileged. The information is intended to be for the use of the
individual or entity named above. If you are not the intended recipient,
be aware that any disclosure, copying, distribution or use of the
contents of this information is prohibited.

 

If you have received this e-mail in error, please notify the sender
immediately by a "reply to sender only" message and destroy all
electronic and hard copies of the communication, including attachments.