Any University unit that collects credit card information (Visa, MasterCard, American Express) must have security controls in place that comply with the Payment Card Industry Data Security Standard ("PCI"). These security controls include:
Must be protected behind a University network firewall.
Encrypt and protect cardholder data when either stored or transmitted.
Identify and protect systems from security vulnerabilities.