Skip to main content
University of Nebraska Omaha logo University of Nebraska Omaha
APPLY MY UNO DIRECTORY

APPLY MY UNO DIRECTORY
  • About Backback to Main menu
    • About
    • Leadership
    • Mission and Strategic Plan
    • Accreditation
    • Our City
    • Facts and Figures
    • Campus Safety
    • Buildings and Maps
    • Contact Us
  • Academics Backback to Main menu
    • Academics
    • Majors & Programs
    • Class Search
    • Catalogs
    • Academic Calendar
    • Colleges
    • Academic Affairs
    • Online Learning
    • International
    • Library
  • Admissions Backback to Main menu
    • Admissions
    • Undergraduate Admissions
    • Graduate Admissions
    • Tuition and Fees
    • Financial Aid
    • Registrar
    • Visit UNO
    • Request Info
    • Apply
  • Student Life Backback to Main menu
    • Student Life
    • Academic & Career Development Center
    • Accessibility
    • Housing & Residence Life
    • Inclusion
    • Service
    • Student Conduct & Community Standards
    • Student Involvement
    • Student Safety
    • Wellness
  • Engagement Backback to Main menu
    • Engagement
    • Academic Community Engagement
    • Service Learning Academy
    • Student Engagement Resources
    • Engagement Roadmap
    • Barbara Weitz Community Engagement Center
  • Research Backback to Main menu
    • Research
    • Research News
    • Centers and Institutes
    • Office of Research and Creative Activity
  • Athletics Backback to Main menu
    • Athletics
    • Baxter Arena
    • Omaha Mavericks Website
  • Alumni Backback to Main menu
    • Alumni
    • Transcripts
    • Thompson Center

Campus Policies

  1. UNO
  2. Campus Policies
  3. Primary Account Number (PAN) Data Security

Primary Account Number (PAN) Data Security

Policy Contents

  • Scope
  • Policy Statement
  • Reason for Policy
  • Procedures
  • Definitions
  • Related Information
  • History
  • Effective: 01-31-2015
  • Last Revised: 08-01-2016
  • Responsible University Administrator: Chief Information Officer
  • Responsible University Office: Information Security
  • Policy Contact: Information Security • security@unomaha.edu
  • Print or view PDF

Scope

This policy applies to all university personnel and entities responsible for managing and supporting systems within the scope of PCI, as well as those responsible for the acceptance and processing of payment card transactions.

This policy affects those PCI identified systems along with campus-wide implemented systems. Systems that are not centrally managed are to use this policy as best practice for information systems security within their respective information systems environments.

Policy Statement

The University of Nebraska Omaha (UNO) will ensure that unencrypted Primary Account Numbers (PAN) are not sent via end-user messaging technologies and that they adhere to the following conditions for purposes of complying with the Payment Card Industry Data Security Standards (PCI-DSS) initiatives.

Primary Account Numbers (PAN) will not be sent unencrypted via the following:

  • Email
  • Instant Messaging
  • Chat forums
  • Other applicable end-user technology

Cardholder data sent across open, public networks must be protected through the use of strong cryptography or security protocols such as AES-128 encryption and the TLS 1.2 network protocol.

Reason for Policy

In accordance with PCI-DSS requirements, UNO has established a formal policy supporting procedures regarding the encryption of PAN that are sent via electronic transmission.

Procedures

The procedures, which ensure that the unencrypted Primary Account Numbers (PAN) policy adheres to the requirements set forth for PCI-DSS compliance require observance of the aforementioned policies.

Definitions

Primary Account Number (PAN): Acronym for primary account number and also referred to as account number. Unique payment card number (typically for credit or debit cards) that identifies the issuer and the particular cardholder account.

Cardholder Data: Cardholder data is any personally identifiable information associated with a user of a credit/debit. Primary account number (PAN), name, expiry date, and card verification value 2 (CVV2) are included in this definition.

Encryption: Process of converting information into an unintelligible form except to holders of a specific cryptographic key. Use of encryption protects information between the encryption process and the decryption process (the inverse of encryption) against unauthorized disclosure.

Related Information

UNO Systems Access Control Policy

UNO Retention and Destruction/Disposal of Regulated Information Policy

 

References

This policy covers the following sections of PCI-DSS 3.2:

  • 3.4 Render PAN unreadable anywhere it is stored

History

This policy is an update to the Primary Account Number (PAN) Data Security Policy that was previously updated in 2015.

  • Next Steps
  • Visit UNO
  • Request Information
  • Apply for Admission
  • The UNO Advantage
  • Our City (Omaha)
  • Just For You
  • Future Students
  • Current Students
  • Work at UNO
  • Faculty and Staff
  • A-Z List
  • Popular Services and Resources
  • my.unomaha.edu
  • Academic Calendar
  • Campus Buildings & Maps
  • Library
  • Pay Your Bill
  • Course Catalogs
  • Internships & Career Development
  • Bookstore
  • MavCARD Services
  • Military-Connected Resource Center
  • Speech Center
  • Writing Center
  • Human Resources
  • Center for Faculty Excellence
  • Affiliates
  • University of Nebraska System
  • NU Foundation
  • Buffett Early Childhood Institute
  • Daugherty Water for Food Institute
  • National Strategic Research Institute
  • Peter Kiewit Institute
  • Rural Prosperity Nebraska
  1. University Policies
  2. Privacy Statement
  3. Accessibility
  1. 402.554.2800
University of Nebraska Omaha
University of Nebraska Omaha, 6001 Dodge Street, Omaha, NE, 68182
  • © 2022  
  • Emergency Information Alert
  • Report an Incident or Concern
Omaha Skyline

Our Campus. Otherwise Known as Omaha.

The University of Nebraska does not discriminate based on race, color, ethnicity, national origin, sex, pregnancy, sexual orientation, gender identity, religion, disability, age, genetic information, veteran status, marital status, and/or political affiliation in its education programs or activities, including admissions and employment. The University prohibits any form of retaliation taken against anyone for reporting discrimination, harassment, or retaliation for otherwise engaging in protected activity. Read the full statement.

scroll to top of page