Credit Card Protection
General Protection
We do not accept credit cards via email or other messaging applications
We do not store cardholder data
Any cardholder information not submitted through an approved method will not be accepted and will be destroyed per PCI-DSS standards
Any 3rd parties used to store, process, transmit, or that can affect the integrity of cardholder data must attest to their PCI compliance before Rollins College will enter into an agreement with them
Everyone involved with cardholder data goes through annual training
We annually attest to our PCI compliance
In-Person
Only approved PCI-compliant hardware and payment applications are used to process and transmit cardholder data
When available, more secure technologies (point-to-point encryption, tokenization, etc.) are used to process and transmit cardholder data
All hardware is periodically checked for tampering
Hardware is stored securely when not in use
Online
All payments made online are through a PCI-compliant payment gateway using a secure connection
No sensitive data is stored from a transaction
Quarterly PCI Scans are performed to assess vulnerabilities
Upgrades and patches are performed in a timely manner as new vulnerabilities are discovered
Mail Order/Telephone Order (MOTO)
Point-to-point encryption (P2PE) technology is used to process and transmit cardholder data
Until it is processed, any cardholder data that comes in via mail is stored securely with limited access
Clean desk policies and guidelines on accepting cardholder data over the phone are implemented