Access to the web interface that is used to capture card swipes is authenticated by Kerberos user name and passphrase.

In addition, the authenticated user must have been defined in the Swipe Card System by an administrator. An employee of the CSAA must approve the granting of departmental administrator privileges to a staff member. A departmental administrator may then authorize other staff members or student employees/volunteers to actively capture card swipes (for their department only). 

When an AggieCard is swiped, only the student ID encoded in the magnetic stripe is sent to the web page. Any student ID that is sent to (or typed into) the web page is considered to be a password and does not display. For confirmation purposes the first name of the student will appear on the web page for a maximum of three seconds. 

No one who is capturing the card swipes has access to the data collected. 

Departmental administrators may be granted limited access to some public directory information about students who have utilized a service (provided by their department only). Any use of this information is subject to FERPA.

The CSAA is the institutional owner of the data collected. Access to the data will only be granted as a result of a specific request that complies with FERPA and relevant university policies.

Access to any reports created by the CSAA (based on the swipe card data) will be granted only to authorized individuals in the Division of Student Affairs and the university administration. If any report does contain Personally Identifiable Information (PII), the use of the report must be compliant with FERPA and relevant university policies.