May credit card information be submitted by email or fax?

No.  University policy prohibits emailing credit card information.  The University Payment (Credit/Debit) Card Processing Procedures section III. J.  state:

            “UNC Charlotte academic and business units are prohibited from accepting CHD via email, fax, or any electronic means including end-user messaging technology.”

Also, the PCIDSS, Payment Card Industry Data Security Standards (for more information see the PCI SSC website), state in section 4.2:

           “Never send unprotected PANs (Primary Account Numbers) by end-user messaging technologies (for example, e-mail, instant messaging, SMS, chat, etc.).”

It is absolutely against all credit card and University guidelines to send credit card information by email, or to accept that information from someone outside of the University. 

Faxing of cardholder information is not allowed unless preapproved by the eCommerce Office.  If you have a business need to fax cardholder information, contact Becky Smith at rebesmit@uncc.edu.

  • For a fax request to be approved, the fax machine  must be secure and operate via an analog line (not connected to the University network).  The fax machine must be located in a locked room and accessible only by those employees that have been designated as those allowed to interface with cardholder data.  Those employees must have completed the Requirements for Payment Card Processing.  Those requirements are further explained within the University Payment (Credit/Debit) Card Processing Procedures.