
Establish and maintain the physical security of non-issued payment cards.


CONTROL ID: 06402
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a physical security program. (CC ID: 11757)

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain payment card disposal procedures. (CC ID: 16137)
  • Control the issuance of payment cards. (CC ID: 06403)
  • Inventory payment cards, as necessary. (CC ID: 13547)
  • Store non-issued payment cards in a lockable cabinet or safe. (CC ID: 06404)
  • Deliver payment cards to customers using secure methods. (CC ID: 06405)
  • Establish, implement, and maintain payment card usage security measures. (CC ID: 06406)
  • Notify customers about payment card usage security measures. (CC ID: 06407)
  • Establish, implement, and maintain payment card disposal procedures. (CC ID: 16135)


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • O51: For its computer center, head and branch offices, and affiliates, the organization shall establish a method for managing cards that includes following procedures for issuing, granting, retrieving, storing, and destroying cards to ensure security and to smoothly perform card-related operations. … (O51, O99, O99.2, O101, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • It is necessary to define the procedures for the disposal of cards that cannot be used due to creation errors, design changes, etc., and cards that are not delivered for a long time or retrieved due to account closure, such as disposing of cards by cutting and burning them with the attendance of a r… (P107.8., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Assess whether inventory controls for plastic card stock make them physically secure. (App A Tier 2 Objectives and Procedures D.4, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)