Any department wishing to accept payment cards should email the Treasurer's Office with your request, and we will schedule a time to review your plan.
Becoming a Merchant
In order to accept payment cards in return for their goods/services, departments (merchants) must complete a Departmental Request to Process Payment Cards and a Merchant Agreement and return it to the Treasurer's Office. The University accepts VISA, MasterCard, Discover and American Express cards. It will take approximately three weeks for merchant numbers to be activated and to receive the appropriate equipment.
Equipment and Supplies
New merchants can either lease or purchase the equipment from the credit card processor. One terminal with a printer is the required equipment. A pin pad is only required if a merchant plans on accepting debit cards. Any equipment problems should be handled with the credit card processor through the 800 phone provided.
Data Security
Along with the privilege of accepting payment cards, every merchant must be very careful in handling transaction data. Sensitive cardholder data must be securely disposed of when no longer needed. All but the last four digits of the account number must be masked when displaying cardholder data. Never store credit card numbers. Data Security pertains to all transactions, whether they are initiated via the telephone, over the counter, mail order, Internet, etc. If you are not in compliance with any of these requirements, contact the Treasurer's Office, 294-4363, immediately for assistance.
Security Standards
The PCI DSS is a mandated set of requirements agreed upon by the five major credit card companies: VISA, MasterCard, Discover, American Express and JCB. These security requirements apply to all transactions surrounding the payment card industry and the merchants/ organizations that accept these cards as forms of payment. Further details about PCI can be found at the PCI Security Standards Council Web site.
In order to accept credit card payments, the university must prove and maintain compliance with the Payment Card Industry Data Security Standards. The university’s Payment Card Policy and additional supporting documents provide the requirements for processing, transmission, storage, and disposal of cardholder data transactions. This is done in order to reduce the institutional risk associated with the administration of credit card payments by individual departments and to ensure proper internal control and compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Questions about how to comply with the PCI DSS should be directed to IT Security.