What do I do if credit card information is sent to me by email?

It is absolutely against all credit card and University guidelines to send credit card information by email, or to accept that information from someone outside of the University.  If you are sent credit card information by email, you must:

  • Obtain the email address of the sender and the date and time it was sent.
  • Permanently delete the email containing the sensitive data from your computer and associated files.  Do not reply to the original email or forward it.
    • To permanently delete the email in Gmail:
      • delete it from your inbox
      • locate "Trash" on the left control menu within Gmail
        • either, right click on the specific email in the trash folder and select "Delete Forever"
        • or, check the box in front of the specific email and select "Delete Forever" at the top of the trash folder
        • or, select "Empty Trash now" to delete the entire contents of the folder.
  • Create a new email to the sender.  State that the original email was received; however, the payment information could not be processed because University policy prohibits the acceptance of that information received via email.
  • Notify eCommerce (eCommerce@uncc.edu) immediately and send them:
    • A statement that sensitive cardholder data was received by you (or the name of the mailbox that you monitor)
    • The email address of the sender
    • Date and time that the email was received
    • Confirmation that the original email was permanently deleted from your computer and related systems. 
  • If the email was forwarded before the issue was realized, notify the individual(s) on campus to whom it was forwarded and direct them to these instructions.

Private highly restricted data cannot reside on the University servers and must be purged.