Background

Since the State University of New York at Fredonia (“Fredonia”) and related affiliates currently accept credit cards as a reliable and secure means of payment for services and products, Fredonia is required to obtain and maintain PCI-DSS compliance for each credit card processing entity (“merchant”) across campus. The Payment Card Industry Data Security Standards (PCI - DSS) is a mandated information security standard for organizations that store, process, access or transmit cardholder data (CHD or credit card numbers) in any format (e.g. electronic, paper-based, etc). A data security breach that stems from a gap in PCI compliance is, by definition, a breach of the contract between the merchant and the card brands. Consequences for having a breach of cardholder data include substantial fines up to $500,000 (per card brand) as well as forensic costs and reparation for the fraudulent transactions.

...