The Bursar's Office oversees all credit card merchant accounts for the campus. The designated University Payment Card Coordinator in the Bursar's Office is charged with acting as the liaison between the university, the merchant bank, credit card processors, vendors and campus merchants. The University Payment Card Coordinator has delegated authority to approve and establish accounts with the campus' merchant bank and with internet and gateway providers on behalf of the University. The primary policy source for the handling of payment cards is University Policy 3610: Accepting and Handling Payment Card Transactions.
Accepting credit cards for payment provides a service to your customer by offering a convenient method to pay for goods and services. However, if your department is currently evaluating the decision to become a credit card merchant, there are several factors to consider. Accepting credit cards for payment involves risk of loss and processing fees, and requires compliance with data security requirements. Departments accepting payment cards are responsible for all expenses associated with payment card merchant accounts, including but not limited to equipment costs, banking fees, and cost(s) of compliance with the Payment Card Industry Data Security Standards. Campus departments should become familiar with all of these factors before making the decision to become a merchant.
The University Payment Card Coordinator is the best source of information for the requirements involved in accepting credit cards. Before making any arrangements or purchases related to credit card acceptance services and equipment, departments must consult and receive approval from the Payment Card Coordinator. The Payment Card Coordinator will review departmental needs and recommend the most efficient and cost-effective method available.
To reduce their losses due to credit card fraud, five members of the payment card industry, Visa, Inc., MasterCard Worldwide, American Express, Discover Financial Services, and JCB International (Japan Credit Bureau), banded together to develop security standards for any organization that accepts, captures, stores, transmits, and/or processes payment card information either manually or through an automated system. This set of standards is referred to as the Payment Card Industry's Data Security Standard, or PCI DSS. The PCI DSS is an evolving set of comprehensive requirements designed to enhance payment account data security. The PCI DSS contains six categories of requirements. These include building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy.
The university is committed to complying with the PCI DSS by ensuring the secure handling of payment card information. All university merchants accepting payment cards are required to comply with the PCI DSS and validate their PCI DSS compliance annually by completing the PCI Self-Assessment Questionnaire (SAQ). The University Payment Card Coordinator will coordinate the annual validation with all university merchants.
PCI DSS Standards & Documents are available at the Council website.