MCC Credit Card Security Policies and Best Practices



MCC Staff are expected to safeguard all personal identifying information to prevent identity theft and to safeguard credit card information to prevent security breaches. These safeguards include, but are not limited to, the following Best Practices for Credit Card Processing at MCC:

  • Employees must never send a full 16 digit credit card Primary Account Number (PAN) and/or cardholder’s expiration date and card-validation code by end-user technologies such as e-mails, instant messaging, and chat functionality. The last 4 digits only (of the 16 digit credit card PAN) are acceptable and allowed if needed for reference purposes.
  • Employees must never send any documents via inter-office mail that contain a 16 digit credit card Primary Account Number (PAN) and/or cardholder’s expiration date and card-validation code. The last 4 digits only (of the 16 digit credit card PAN) are acceptable and allowed if needed for reference purposes.
  • Employees must never store any documents, either electronically on their computer or in paper format in their work area, that contain a 16 digit credit card Primary Account Number (PAN) and/or cardholder’s expiration date and card-validation code . Daily cashiering documentation that contains credit card information (that contain the last 4 digits of credit card PAN only) needs to be in a secured environment until it is forwarded for permanent storage at the Bedford Campus.
  • Employees are required to use a cross-cut shredder for all peripheral documentation (not used in MCC’s daily cashiering process) that contains a person’s 16 digit credit card Primary Account Number (PAN) and/or cardholder’s expiration date and card-validation code on a timely basis, and, in all cases, by the end of each day.
Last Modified: 12/5/16