The Corporate Card should always be treated with at least the same
level of care and security with which cardholders treat their own personal
credit cards. Cardholders should keep the Corporate Card in a secure location
and guard the Corporate Card account number carefully.
Always know where your card is. If you cannot find your
card, expect the worst. Have your account canceled and request a new card.
Departments retaining cards in a central location should keep the cards locked
in a secure area. The cards should be stored separately from the cardholders'
applications or any other documents that contain personal information about the
Review your statements carefully. Cardholders should
review their statements when they receive them and compare the charges that
appear on their statements with their receipts to ensure all the charges are
Conduct business with reputable companies.
Do not send your full 16 digit account number and expiration date to
anyone via email. Email is not a secure method of correspondence
without encryption. When sending emails to CorporateCard@duke.edufour
digits of the account number.
Inform merchants that they should not store your credit card
information for future purchases.
Be aware of phishing (pronounced 'fishing') schemes.
Phishing is exactly that, fishing for information (e.g. personal
credit card information, personal bank account information, social security
number, etc.) The most common method of phishing is through fraudulent emails
claiming to be from your bank or another institution that already has your
personal information. The email requests that you confirm your information. This
information can be used fraudulently to make unauthorized credit card purchases
or for identify theft.
Ensure websites you use to make purchases are encrypting your credit
card information. When a supplier's website utilizes encryption,
there will be a small picture of a closed lock to identify the increased security. Another method to
determine if encryption is being used is to check the URL of the current page of
the website. If the URL begins with "http://", the page is NOT
encrypted. If the URL begins with "https://", the page is encrypted.