Credit Card Protection

General Protection

- We do not accept credit cards via email or other messaging applications.
- We do not store cardholder data.
- Any cardholder information not submitted through an approved method will not be accepted and will be destroyed per PCI-DSS standards.
- Any third parties used to store, process, or transmit cardholder data, or that can affect its integrity, must attest to their PCI compliance before Rollins College will enter into an agreement with them.
- Everyone involved with cardholder data goes through annual training.
- We annually attest to our PCI compliance.

In-Person

- Only approved PCI-compliant hardware and payment applications are used to process and transmit cardholder data.
- When available, more secure technologies (point-to-point encryption, tokenization, etc.) are used to process and transmit cardholder data.
- All hardware is periodically checked for tampering.
- Hardware is stored securely when not in use.

Online

- All payments made online are through a PCI-compliant payment gateway using a secure connection.
- No sensitive data is stored from a transaction.
- Quarterly PCI scans are performed to assess vulnerabilities.
- Upgrades and patches are performed in a timely manner as new vulnerabilities are discovered.

Mail Order/Telephone Order (MOTO)

- Point-to-point encryption (P2PE) technology is used to process and transmit cardholder data.
- Until it is processed, any cardholder data that comes in via mail is stored securely with limited access.
- Clean desk policies and guidelines on accepting cardholder data over the phone are implemented.