Finance Department
PCI Compliance
Learn more about PCI Compliance at Rollins.
PCI DSS is the Payment Card Industry Data Security Standard. It is a set of comprehensive requirements for credit card account data security, developed by the credit card industry to counteract identity theft and credit card fraud.
As a merchant who handles credit card data, Rollins College is obliged to safeguard that information and adhere to the standards established by the Payment Card Industry Security Standards Council (PCI SSC), including setting up controls for handling credit card data, securing computers and internet connections, and completing an annual self-assessment questionnaire.
Each department and organization at Rollins that wants to accept credit card payments is responsible for following the PCI DSS standards, which includes an annual training and review of policy and procedures. You can review Rollins’ PCI DSS policies and procedures by clicking here. To learn more about the PCI Security Council, visit their website here.
For more information regarding PCI Compliance, please view this presentation provided by our consultants, CampusGuard:
Merchant General Information Presentation by CampusGuard
If you are a Student Organization, please review the student org credit card policy located here.
If you are accepting Credit Cards for an event, make sure to review and complete the Accepting Credit Card Checklist located here.
For additional questions/comments, please contact the Rollins PCI Compliance Coordinator at 407.628.6300 or PCICompliance@rollins.edu.
PCI DSS Goals and Requirements
PCI DSS currently has 6 goals and 12 requirements. They are as follows:
- Build and Maintain a Secure Network
  - Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect Cardholder Data
  - Requirement 3: Protect stored cardholder data.
  - Requirement 4: Encrypt transmission of cardholder data across open, public networks.
- Maintain a Vulnerability Management Program
  - Requirement 5: Use and regularly update anti-virus software.
  - Requirement 6: Develop and maintain secure systems and applications.
- Implement Strong Access Control Measures
  - Requirement 7: Restrict access to cardholder data by business need-to-know.
  - Requirement 8: Assign a unique ID to each person with computer access.
  - Requirement 9: Restrict physical access to cardholder data.
- Regularly Monitor and Test Networks
  - Requirement 10: Track and monitor all access to network resources and cardholder data.
  - Requirement 11: Regularly test security systems and processes.
- Maintain an Information Security Policy
  - Requirement 12: Maintain a policy that addresses information security.
You can review the latest version of the PCI DSS, currently version 3.2, by clicking here.
Any department or organization that wants to accept credit card payments must comply with each of the requirements. While the PCI Office and IT department at Rollins College manage many of the technical requirements, some requirements still need to be addressed at the department or organization level. If you have any questions, please contact the PCI Office here.
Some Do's and Don'ts
Do
- Only use Rollins PCI Office approved payment acceptance solutions
- Ensure cardholder data is destroyed once it is no longer needed
- Physically secure all payment acceptance devices from theft
- Understand the flow of cardholder data from cradle to grave
- Ensure third-party partners are PCI compliant
- Limit access to cardholder data only to those with legitimate business needs
Don’t
- Store cardholder data AT ALL
- Use unauthorized devices to accept payments
- Accept credit card information through email, text message, or fax
- Leave payment acceptance devices unsecured
- Hesitate to contact the PCI office with questions