Review these tips to keep your Stanford University-issued Purchasing Card (PCard) or Travel Card (TCard) safe.
How Departments and Cardholders Can Prevent Fraud on PCards and TCards
Safeguard the card
- When the card is not in use, keep it in a locked unit.
- Only use the card on secure websites and do not save the card number as a default payment method.
- Do not lend or share an individual Purchasing Card (PCard) or any Travel Card (TCard).
- Limit the use of department PCards to one or two designated employees who have completed training in PCard Policy and Procedure.
- Do not write down a PCard or TCard number, or share information about a card via email, text or other means. For department cards, ask the cardholder custodian to place orders as needed.
The department’s PCard custodian is responsible for ensuring controls are in place, securing physical access to the card and logging card usage.
Submit and Approve Transactions on Time
- Submit and approve transactions within 60 days to help identify and reduce fraud. The department is ultimately liable for any fraudulent and erroneous charges not resolved directly with the merchant.
Provide Departmental Oversight
- Run reports regularly in OBI to learn which cards belong to your department, who they are assigned to, and which transactions are outstanding. To launch OBI reports for credit cards, go to the Expense Requests and SU Card Activity (ERR) OBI Dashboard.
Respond to Changes in Staff Status
- If a cardholder/custodian leaves the university, cancel the university-issued card immediately.
- If a cardholder/custodian has transferred departments, cancel the current card and apply for a new card with the new department.
- If a cardholder/custodian is on extended university leave, such as sabbatical, family or medical leave, notify the Card Services Team via a support request to have the card temporarily suspended.
All card transactions should be properly expensed/cleared before the employee’s status changes.
General Tips to Prevent Credit Card Fraud
- Use separate email accounts for work and personal use.
- Use a unique password for each account.
- Use strong passwords and update them every two months.
- Protect your tech devices by using updated anti-virus software, operating systems and web browsers.
- Limit internet usage at work to core business-related sites.
- Avoid using unsecured public networks.
- Never click on a document or link that comes from an unknown source.
- Never share personal information about your job or travel plans via social media.
- Never disclose confidential information (such as credit card account number, CVV code, login or passwords) in a format that can be shared via email, text, messaging service or written document.