The Payment Card Industry has addressed access to cardholder data through the Standards, which identify what screening potential employees must pass in order to gain access to cardholder data, including reports. This standard is required for EMPLOYEES and recommended even if the employee is a cashier and exposed to one card at a time.
12.7 Screen potential personnel prior to hire to minimize the risk of attacks from internal sources. (Examples of background checks include previous employment history, criminal record, credit history, and reference checks.)
Note: For those potential personnel to be hired for certain positions such as store cashiers who only have access to one card number at a time when facilitating a transaction, this requirement is a recommendation only.
12.7 Inquire with Human Resource department management and verify that background checks are conducted (within the constraints of local laws) prior to hire on potential personnel who will have access to cardholder data or the cardholder data environment.
Performing thorough background investigations prior to hiring potential personnel who are expected to be given access to cardholder data reduces the risk of unauthorized use of PANs and other cardholder data by individuals with questionable or criminal backgrounds.
An Employee at the University undergoes a background check, completes an I-9 (eligibility to work legally in the US) and signs an offer contract, among other things.
Non-employees and work-study students are not subject to these requirements, and even if they agree to them, we will not proceed, as they have not been offered a position as an employee and do not have the same privileges and responsibilities.
Risk Management has created the form below, directed toward Medical Center volunteers, that can be used as a guide to managing volunteers or other non-employee workers.