A credit card number, such as a P-Card or Meeting Card, is classified as critical data. Responsible cardholders and purchasers have a responsibility to handle this information as securely as possible. Check out the tips below to learn how.
Card storage
P-Cards must be stored securely when not in use. Card Services recommends storing the P-Card in a locked drawer or other secure location. The card should only be accessible to those who are approved to use it. Never store a P-Card in your wallet alongside personal cards.
Sign out sheets
If multiple people are approved to use the P-Card, create a sign out sheet users must complete each time they use the card. A sign out sheet captures who is using the card, when, and why. Feel free to use the template provided by Card Services, or create your own to capture additional details that are relevant to your department.
Sharing card details
What if the person who needs to use the card can’t physically access the card? Storing credit card information on paper is one of the riskiest and most insecure methods of sharing card information. Never physically write down or share any credit card information unless you explicitly do so as part of your business processes. Any paper documents with credit card information must be securely destroyed immediately after use.
Never transmit card information via email, fax, scan, or end-user messaging technologies such as Teams or Slack. These technologies are not a secure transmission method for critical data. Instead, call the purchaser and read the card details to them, or use Secure Share to securely transmit card details. Remind the purchaser that card details must be securely and completely removed from their machine after use.
Saving card details online
Saving P-Card details online is strongly discouraged. In these situations, the security of IU’s credit card is only as strong as the merchant’s security. If the merchant’s database is breached, IU’s data is exposed and at risk. The one exception to this rule is Amazon Business. Amazon’s security has been vetted to securely store IU payment information.
Learn about these suggestions in the Card Program Management Best Practices video from the P-Card Essentials course.