PCI Compliance

Learn more about PCI Compliance at Rollins.

PCI DSS is the Payment Card Industry Data Security Standard. It is a set of comprehensive requirements for credit card account data security, developed by the credit card industry to counteract identity theft and credit card fraud.

As a merchant who handles credit card data, Rollins College is obliged to safeguard that information and adhere to the standards established by the Payment Card Industry Security Standards Council (PCI SSC) including setting up controls for handling credit card data, computer and internet security and completing an annual self-assessment questionnaire.

Each department and organization at Rollins that wants to accept credit card payments is responsible for following the PCI DSS standards, which includes an annual training and review of policy and procedures. You can review Rollins’ PCI DSS policies and procedures by clicking here To learn more about the PCI Security Council, visit their website here.

For more information regarding PCI Compliance, please view this presentation provided by our consultants, CampusGuard:

Merchant General Information Presentation by CampusGuard

For additional questions/comments, please contact the Rollins PCI Compliance Coordinator, at 407.628.6300 or PCICompliance@rollins.edu.

PCI DSS Goals and Requirements

PCI DSS currently has 6 goals and 12 requirements. They are as follows:

  1. Build and Maintain a Secure Network

    Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
    Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
  2. Protect Cardholder Data

    Requirement 3: Protect stored cardholder data.
    Requirement 4: Encrypt transmission of cardholder data across open, public networks.
  3. Maintain a Vulnerability Management Program

    Requirement 5: Use and regularly update anti-virus software.
    Requirement 6: Develop and maintain secure systems and applications.
  4. Implement Strong Access Control Measures

    Requirement 7: Restrict access to cardholder data by business need-to-know.
    Requirement 8: Assign a unique ID to each person with computer access.
    Requirement 9: Restrict physical access to cardholder data.
  5. Regularly Monitor and Test Networks

    Requirement 10: Track and monitor all access to network resources and cardholder data.
    Requirement 11: Regularly test security systems and processes.
  6. Maintain an Information Security Policy

    Requirement 12: Maintain a policy that addresses information security.

You can review the latest version of the PCI DSS, currently version 3.2, by clicking here.

Any department or organization that wants to accept credit card payments must comply with each of the requirements. While the PCI Office and IT department at Rollins College manage a lot of the technical requirements, there are still requirements that need to be addressed at the department or organization level. Please contact the PCI Office if you have any questions here.

Some Do's and Don'ts

Do

  • Only use Rollins PCI Office approved payment acceptance solutions
  • Ensure cardholder data is destroyed once it is no longer needed
  • Physically secure all payment acceptance devices from theft
  • Understand the flow of cardholder data from cradle to grave
  • Ensure third-party partners are PCI compliant
  • Limit access to cardholder data only to those with legitimate business needs

Don’t

  • Store cardholder data AT ALL
  • Use unauthorized devices to accept payments
  • Accept credit card information through email, text message, or fax
  • Leave payment acceptance devices unsecured
  • Hesitate to contact the PCI office with questions

Finance Department
Rollins College
Mailing Address: 1000 Holt Ave.-2715
Winter Park, FL 32789
T. 407.646.2125
Office Location: 422 West Fairbanks Building