If your department or program is considering the purchase or upgrade of a system that will accept, process, transmit or store credit card information, such as online credit card payments or a similar functionality, the first step is to review the following to familiarize yourself with relevant policy.  

Payment card Industry (PCI) Data Security Program and Standard at http://www.montana.edu/ubs/pci/

In summary, the policy requires that any contract or purchase, at any cost, that involves software, hardware, equipment or services dealing with credit card payments on behalf of the university must be in accordance with PCI DSS Policy and must have prior approval from the PCI Working Team (PCI@montana.edu).

After reviewing the policy, please contact the working team; to get the ball rolling, request the vendor’s most recent attestation of compliance (AoC).  The Team will help you determine the best way to proceed, and ensure that the vendor software can be properly configured to utilize an approved Payment Gateway.