What do I do if credit card information is sent to me by email?

IMPORTANT REMINDER

Do not reply to the original email or forward it. Private, highly restricted data cannot reside on the University servers and must be purged. It is absolutely against all credit card and University guidelines to send credit card information by email or accept that information from someone outside the University.

If you are sent credit card information by email, you must:

  1. Obtain the email address of the sender and the date and time it was sent.
  2. Permanently delete the email containing the sensitive data from your computer and associated files.  

    NOTE:  To permanently delete the email in Gmail:

    • Delete it from your inbox
    • Locate the "Trash" on the left control menu within Gmail and do one of the following:
      • Right-click on the specific email in the trash folder and select "Delete Forever,"
      • Check the box in front of the specific email and select "Delete Forever" at the top of the trash folder OR
      • Select "Empty Trash now" to delete the entire contents of the folder
  3. Create a new email to the sender. 
  4. State that the original email was received; however, the payment information could not be processed because University policy prohibits the acceptance of that information received via email.
  5. Email Merchant Services immediately at eCommerce@charlotte.edu and send them:
    1. A statement that sensitive cardholder data was received by you (or the name of the mailbox that you monitor)
    2. The email address of the sender
    3. Date and time that the email was received
    4. Confirmation that the original email was permanently deleted from your computer and related systems. 
  6. If you forward the email before realizing the issue, notify the individual(s) on campus to whom it was forwarded and direct them to this FAQ.
Print Article