Credit Card/PCI Compliance Policy

The purpose of this policy is to ensure that the District’s handling of customer credit card information complies with credit card Payment Card Industry (PCI) requirements.

1. Under no circumstances will any officer or employee of the District record or save customer credit card information beyond the last 4 digits of the number.
2. Under no circumstances will any officer or employee of the District record or save security code information from a customer’s credit card.
3. All customer credit card transactions shall be via certified PCI credit card processing services.
   1. Intuit Credit Card Terminal
   2. Intuit GoPayment Service
4. Any and all customer credit card information will be fully destroyed upon the completion of the current transaction.
5. No media in any form will be maintained that contains customer credit card information.
6. We will discourage customers from using unsecure email to provide credit card information to us
   1. Credit card number should never be sent in the same email as the security information.
   2. If the customer does send the information by email (separately or in the same email) we will destroy the email and any printouts upon completion of the transaction.
7. Credit card payments from District clubs will only be accepted via the secure payment link on a District invoice which does not provide credit card information to the District.