Credit Card Processing Standards

Introduction

LTS recommends that computers and applications that process credit card information implement these standards. These standards are meant only to address information security best practices, and following them does not ensure compliance with university policy.

Computer Configuration

Computers involved in credit card processing should meet these criteria. Both servers and desktop computers are included in this group.

  • Conform to LTS security standards
  • Be reported to LTS for in-depth security scanning
  • Be configured to use a static DHCP address. Please email noc at brandeis dot edu for more information.
  • Use the Brandeis wired network and have any wireless capabilities disabled.
  • Use strong encryption whenever credit card information is transmitted over the network.

Other Standards

Web sites involved in credit card processing should use HTTPS. Where possible, web servers should be configured to use the SSLv3 protocol only.

Credit card information should never be transmitted via email.

Media used to store credit card information should be destroyed or securely wiped before disposal. Please email security at brandeis dot edu for more information.

This page was last modified on: Apr 18, 2007