Credit Card or Payment Card Industry (PCI) Information
Information related to credit, debit, or other payment cards. This data type is governed by the Payment Card Industry (PCI) Data Security Standards and overseen by the University of Michigan Treasurer's Office. Credit or debit card numbers cannot be stored in any electronic format without the expressed, written consent of the U-M Treasurer's Office. That office is responsible for the only PCI-compliant environment at the university.
If, for example, your unit is hosting a conference and needs to accept credit card payment for registration fees, contact the University of Michigan Treasurer's Office to arrange for this. You cannot handle the transactions using departmental computers.<\p>
Restrictions listed here do not apply to your own personal credit card information. However, it is recommended that you follow the same precautions with regard to your own personal information as you would with university data.
Examples:
- Cardholder name
- Credit/debit card account number
- Credit/debit card expiration date
- Credit/debit card verification number
- Credit/debit card security code
Laws/Regulations/Policies:
PCI Security Standards councilFrequently Used by:
- Staff
Category
Sensitive
Using Credit Card or Payment Card Industry (PCI) Information
This list shows which services can and cannot be used to store and share Credit Card or Payment Card Industry (PCI) Information. Click any service for more details.
Key: Permission Levels
- Permitted
- Permitted with IA Consultation
- Not Permitted
Permitted
- Backup
- Database
- Virtual Machines
- Servers
- Endpoint
- Storage- CIFS
- Fileshare
Permitted with ISPO Consultation
- Software
- Licensed Applications
Not Permitted
- Cloud Storage
- Cayuse
- Google Drive
