Treasury: Credit Card Policy
Protecting the Security of Credit Card Information
In light of the frequent reports in the news of security breaches involving credit card information, this is an opportune time to review department/clinic responsibilities for protecting the security of its patients/customers.
The department of Treasury would like to remind all departments/clinics (credit card merchants) that accept payments via credit cards, of your security responsibilities. Credit card information must not be stored anywhere, including servers, laptops, external disks, or any other electronic manner unless specifically authorized by the department of Treasury. Each UTMB department is responsible for any losses due to poor internal controls. Your general obligations and responsibilities include:
- The Merchant or any agent of the Merchant shall not retain or store magnetic strip data subsequent to the authorization of the sales transaction.
- The Merchant shall not disclose a Cardholder's account information or any other personal information to third parties other than to the Merchant's agent for the sole purpose of assisting such Merchant in completing the transaction or as specifically required by law. Suspicious requests for account information should be reported immediately to Merchant's designated account manager at Bank or to Bank's client services agreement.
The department of Treasury is responsible for the coordination of all E-commerce and credit card acceptance throughout UTMB. If your department/clinic is accepting credit cards, you must be registered with Treasury. Departments/clinics are required to report any security breaches or suspected breaches to Treasury.
Please make sure that all employees involved in the administration or system support of credit cards are following these policies. Also, please feel free to contact Treasury at 409-747-7261 with any questions.