PCI Data Loss Prevention

What you should know about emailing credit card information…

ECU has implemented a tool to detect when credit card information is being “sent” by an ECU email address. We are NOT “reading” your emails, however, the tool we are using does notify us when an email is sent and a credit card number is detected.  This is currently only in place for faculty, staff and departmental email addresses.

Email is NOT a secure method to send or receive credit card information. This is true whether you type the card information in the body of the email or it is included in an attachment.

ECU email is subject to public record and is intended for business use. You should NOT utilize your ECU email for sending personal, sensitive information.  If you would not want the information to be on the front page of the newspaper or on social media, then you should not send it via email.

Campus departments receiving credit card info from customers…

Departments should NEVER request customers to email them their credit card information!

Departments should NEVER process credit card information received via email.

If you receive credit card information from a customer/donor/patient via email, please do the following:

  • Contact the customer/patient/donor in a clean email or via phone.  Inform them that email is not secure, and their email had to be removed from your mailbox for their safety. In order to process their payment, they will need to submit their payment in another manner (online, phone, mail, etc) offered by your department.
  • Do NOT reply or forward the email/attachment with the credit card information.
  • Do NOT print the email/attachment with the credit card information.
  • Do NOT save the attachment with the credit card information.
  • Send an email to ecommerce@ecu.edu and provide the following information so that the email you received can be removed from your mailbox
    • Sender email
    • Recipient email
    • Date
    • Subject

ProCard Users

Bank of America credit card statements may show your full credit card number, so the statement should not be sent via email without redacting the credit card number.

A vendor should never request that your credit card information be emailed to them.  This is true whether you type the card information in the body of the email or it is included in an attachment.  If you must put your full credit card information on a form that will be faxed to the vendor, please redact the number before emailing the packet to the ProCard Office.

If you have ProCard specific questions, please contact us at procard@ecu.edu

Want more information or have questions?

Contact us at ecommerce@ecu.edu