Corporate Card Security Tips

The Corporate Card should always be treated with at least the same level of care and security with which cardholders treat their own personal credit cards. Cardholders should keep the Corporate Card in a secure location and guard the Corporate Card account number carefully.

  • Always know where your card is.
    If you cannot find your card, expect the worst. Have your account canceled and request a new card. Departments retaining cards in a central location should keep the cards locked in a secure area. The cards should be stored separately from the cardholders' applications or any other documents that contain personal information about the cardholders.
  • Review your statements carefully.
    Cardholders should review their statements when they receive them and compare the charges that appear on their statements with their receipts to ensure all the charges are valid.
  • Conduct business with reputable companies.
  • Do not send your full 16 digit account number and expiration date to anyone via email.
    Email is not a secure method of correspondence without encryption. When sending emails to CorporateCard at duke.edu, please only include the last four digits of the account number.
  • Inform merchants that they should not store your credit card information for future purchases.
  • Be aware of phishing (pronounced 'fishing') schemes.
    Phishing is exactly that, fishing for information (e.g. personal credit card information, personal bank account information, social security number, etc.) The most common method of phishing is through fraudulent emails claiming to be from your bank or another institution that already has your personal information. The email requests that you confirm your information. This information can be used fraudulently to make unauthorized credit card purchases or for identify theft.
  • Ensure websites you use to make purchases are encrypting your credit card information.
    When a supplier's website utilizes encryption, there will be a small picture of a closed lock to identify the increased security. Another method to determine if encryption is being used is to check the URL of the current page of the website. If the URL begins with "http://", the page is NOT encrypted. If the URL begins with "https://", the page is encrypted.