ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS"

Transcription

1 UNIVERSITY OF NORTH DAKOTA FINANCE & OPERATIONS POLICY LIBRARY ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS Policy 2.3, Accepting Credit Cards and Electronic Checks to Conduct University Business Responsible Executive: VP Finance & Operations Responsible Office: Student Account Services Issued: April 11, 2011 Latest Review / Revision: April 11, 2011 POLICY STATEMENT All University of North Dakota departments and colleges that conduct electronic-based financial transactions for the University, which include credit card or electronic check transactions, must be compliant with Payment Card Industry Data Security Standards, VISA Operating regulations, as well as other card type regulations, State Board of Higher Education, North Dakota University System, and UND policies and procedures, and all applicable laws and mandates. REASON FOR POLICY The University recognizes that accepting credit cards as payment for goods or services has become a common practice that improves customer service, brings certain efficiencies to UND's cash collection process, and may increase the sales volume of some types of transactions. In addition, the use of technology, such as the World Wide Web, provides easy access for many, and the use of credit cards is essential when sales are conducted electronically. SCOPE OF POLICY This policy applies to all members of the University community and should be read by: President Vice Presidents Deans, Directors & Department Heads Area Managers & Supervisors Faculty Staff Students Others: all those handling electronic fund transactions WEB SITE REFERENCES This policy: Policy Office: Vice President for Finance & Operations: Student Account Services: Page 1 of 13

2 CONTENTS Policy Statement 1 Reason for Policy 1 Scope of Policy 1 Web Site References 1 Related Information 3 Contacts 4 Definitions 5 Principles (overview) 6 Procedures 8 Obtaining Authorization to Accept Credit Card Payments 8 Methods of Processing Transactions 8 Refunds 9 Disputed Charges/Chargebacks 9 Recording and Reconciling Credit Card Transactions 9 Retention Periods 9 Network Scans 10 PCI Self Assessment Questionnaire 10 Responsibilities 11 Forms 12 Revision Record 12 Page 2 of 13

3 RELATED INFORMATION Criminal History Background Check Gramm Leach Bliley Act NDUS Information Security Procedures NDUS Privacy Statement Payment Card Industry Standards PTS Policies SBHE Identity Theft Prevention SBHE Job Applicant and Employee Criminal History Background Checks UND Identity Theft Prevention Program UND ITSS Identity Management Project UND ITSS Incident Response Policy UND Records Retention Schedule "What To Do If Compromised" VISA USA Fraud Investigations and Incident Management Procedures F/criminal%20history%20background%20checks.pdf &SID= l stry%20standards/session/l3npzc9ac1i1ak1oaw%3d%3d &SID=9 &SID= Policy_final.pdf ed.html Page 3 of 13

4 CONTACTS General questions about this policy can be answered by your department s administrative office. Specific questions should be directed to the following: Subject Contact Telephone Policy Content Authorization to Accept Credit Cards Authorization to establish Touchnet Marketplace upay or ustores site Credit Card Fees Student Account Services Student Account Services Student Account Services Student Account Services (701) (701) (701) (701) Office or Department / Web Address Disputed Charges Bank of North Dakota (800) Ext Equipment Problems Bank of North Dakota (800) Ext Recording & Reconciling Transactions Records Management Student Account Services Office of Records Management (701) (701) Page 4 of 13

5 DEFINITIONS Credit Card(s) Credit Card Processing Machine Department Electronic Funds Transaction Gramm Leach Bliley Act (GLB) Act Payment Card Industry (PCI) Data Security Standards (DDS) Payment Card Industry Assessment Survey Privacy Statement Touchnet Marketplace upay & ustore site Touchnet Paypath echeck SBHE NDUS ITSS PA-DSS PTS A method of payment which includes credit and debit cards. A machine or device used to process credit card transactions. Examples include: Trans330, Trans380, Trans460, Omni3200SE. A UND department that is considering acceptance or has been approved to accept credit cards or electronic checks to conduct University business. The term is used for a number of different concepts, such as cardholder-initiated transactions, where a cardholder makes use of a payment card (e.g., credit or debit card); electronic payments by businesses, individuals, or students, using electronic check clearing (banking information). Key rules under the Act govern the collection and disclosure of customers' personal financial information. A multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data. For more information on PCI-DSS, PA-DSS, PTS, CISP, SDP, and other related information, visit Departments accepting credit card transactions must complete a Payment Card Industry Standard Assessment survey on an annual basis, or as requested. This survey assessess whether the department is in compliance with the required PCI standards. The Assistant Controller will distribute the survey and provide the due date to have it completed. Failure to completed a survey indicating compliance may result in the revocation of the ability to accept credit card transactions. Information provided to cardholders/customers informing them of UND s commitment to privacy and security. Third party vendor and software which follow applicable PCI standards and guidelines that enables University departments to build and operate secure web-based shopping cart applications and online payment pages. For Marketplace upay and ustores sites, Touchnet Payment Gateway is used for electronic payment processing (electronic check and credit cards). Third party vendor and software for campus online billing and payment processing, for Campus Connection accounts, which follow applicable PCI standards and guidelines. TouchNet PayPath is used for electronic processing of online credit card payments to Campus Connection. Online electronic check payments to Campus Connection accounts are processed through TouchNet Payment Gateway. Electronic Check State Board of Higher Education North Dakota University System Information Technology Systems and Services Payment Application Data Security Standards PIN Transaction Security Page 5 of 13

6 DEFINITIONS continued CISP SDP Magnetic Stripe Data CAV2, CVC2, CID, CVV2 Data PIN Data PAN VISA s Cardholder Information Security Program MasterCard s Site Data Protection Program Data encoded in the magnetic stripe used for authorization during a card-present transaction. Entities may not retain full magnetic-stripe data after transaction authorization. The only elements of track data that may be retained are account number, expiration date, and name. Data are the three-or four-digit value printed on or to the right of the signature panel or on the face of a payment card used to verify cardnot-present transactions. Data is the personal identification number entered by cardholder during a card-present transaction, and/or encrypted PIN block present within the transactions message. Primary Account Number Page 6 of 13

7 PRINCIPLES OVERVIEW Many departments on campus process credit card transactions, either infrequently or in the course of daily business. For purposes of this policy, debit cards are treated the same as credit cards; any reference to credit cards includes credit and debit card transactions. It is the University's responsibility to protect the privacy of its customers, as well as maintain compliance with the GLB Act and PCI-DSS. All University of North Dakota departments and colleges that conduct electronic-based financial transactions for the University, which include credit card or echeck transactions, must be compliant with PCI-DSS, VISA Operating regulations, as well as other card type regulations, SBHE, NDUS, and UND policies and procedures, and all applicable laws and mandates. Failure to be compliant in all areas may result in the revocation of departmental authorization to accept electronic-based financial transactions and departmental responsibility for paying all related penalties. Departments must obtain prior approval to accept electronic-based financial transactions. Requests should be submitted to the Assistant Controller and should indicate one of the following methods of processing: 1. Credit card machine (example Trans 330, Omni 3200E) 2. Touchnet Marketplace upay or ustores site(s) 3. UND approved third party vendor (also requires Bank of North Dakota approval) Exceptions to processing in any other manner may be granted only after a written request from the department is approved by the Controller or designee. In order to accept credit cards online for goods or services, departments must first consider establishing a Touchnet Marketplace upay or ustores site. Departments are responsible for setting up their Marketplace upay or ustores site, which includes all programming, testing, and maintenance of the site. Student Account Services will provide a Marketplace manual for reference. If a department feels that Touchnet Marketplace will not serve their needs, approval to contract with a third party vendor must be obtained, in advance, from the Assistant Controller. Bank of North Dakota approval is also required. The written request should include justification as to the reasons Touchnet Marketplace would not serve their needs. In addition, prior to entering into a contract with a third party vendor/processor, the department and the third party vendor must have a secured website and must provide certification that the internet site/provider is PCI compliant and will remain compliant. The service provider and the payment gateway and version must be provided and must be compliant. This certification should be obtained from the internet/third party provider and submitted to the Assistant Controller. Certification must be provided on an annual basis or as requested. In addition to receiving approval from the Assistant Controller, approval is required from Bank of North Dakota. The Assistant Controller will forward the departmental request to Bank of North Dakota. Credit cards for accounts receivable payments (accounts in Campus Connection) are only accepted online via Campus Connection and are processed through Touchnet Paypath. Currently, VISA is not an accepted online payment option via Campus Connection for accounts receivable payments. Student Account Services may approve the acceptance and processing of credit card transactions for payment by third party payers, including federal agencies, as determined by the Controller or Assistant Controller. Some federal agencies or third party vendors mandate payment by credit card. ACCEPTABLE CREDIT CARDS The University is required to process credit card transactions through the Bank of North Dakota. All requests to contract with a processer other than the Bank of North Dakota must be approved, in advance, by the Assistant Controller. Any exceptions must also be approved, in writing, by the Bank of North Dakota. The Assistant Controller will forward departmental requests to the Bank of North Dakota for approval. Page 7 of 13

8 Credit card types that may be accepted within the department or via the departmental Touchnet Marketplace site for goods and services include MasterCard, VISA, Discover, and American Express. Departments must request approval from Student Account Services to accept electronic payments (credit cards or echecks). Upon approval, the Assistant Controller will obtain all necessary merchant ID numbers from the Bank of North Dakota. CREDIT CARD FEES Merchant fees are charged by the processer on all credit card transactions. The fees vary and are based on the card type accepted and the method of acceptance (swiped versus manually entered). In addition to a percentage on the amount of the transaction, a per transaction fee and a monthly merchant account fee is charged. Merchant fees for credit card transactions for student accounts receivable payments via Campus Connection are not assessed to the university, but instead, a convenience fee is assessed to the individual making payment at the time of the transaction. Merchant fees assessed to the university are generally charged to the funding source that the revenue is credited at the time of the original transaction. Fees will be charged to the departmental fund via journal entry/import on a monthly basis by Student Account Services. As departments are developing rates (fees for goods or services) they should recognize the credit card merchant fee as a cost of doing business. Should the department choose to recover the fee, they must build it into the overall rate structure. In other words, departments processing transactions on a credit card machine or through Touchnet Marketplace cannot assess a convenience fee or any other additional fee to the customer if the customer pays via a credit card. SECURITY Departments must remain compliant with PCI-DSS, VISA Operating regulations, as well as other card type regulations, SBHE, NDUS, and UND policies and procedures, and all applicable laws and mandates. Security standards include PCI-DSS, PA-DSS, PTS, VISA s CISP, and MasterCard's SDP. Access to system components, banking information, and cardholder data must be limited to only those individuals whose positions require such access. Departments are responsible for providing and training their employees with applicable policies and procedures to ensure compliance with PCI Standards, SBHE, NDUS, and UND policies and procedures, and all other regulations pertaining to electronic payments. All paper and electronic media that contain cardholder data should be physically secure and confidential. All cardholder data should be disposed of according to records retention policy and PCI-DSS. Documents should be cross-cut shredded, pursuant to the Records Retention Schedule, so that cardholder data or financial information cannot be reconstructed. If a department suspects that credit card records may have been compromised in any way, whether through malicious intent or due to a weakness in the handling and processing of credit card transactions, they are to notify the Controller or Assistant Controller immediately. All security incidents will follow the UND Incident Response Policy. VISA USA Fraud Investigations and Incident Management Procedures, "What to do if Compromised", will be utilized as a reference for any security incident. Departments must adhere to SBHE, NDUS and UND policy and procedures regarding background checks for employees having access to credit card and electronic payment information. Refer to the requirements indicated in the UND Criminal History Background Policy and the Payment Card Industry Standards to determine if specific staff, working with credit card and electronic payment information within your department, are required to have a background check. All expenses related to background checks are the responsibility of the department. Page 8 of 13

9 PROCEDURES Obtaining Authorization to Accept Credit Card Payments Departments must obtain prior approval from Student Account Services to accept and/or process electronic check payments or credit card transactions (via credit card machine, online via Touchnet Marketplace, or processed through a third party vendor). Requests should be made via to the Assistant Controller. If approved, Student Account Services will assist the department in obtaining the required information or equipment, such as a merchant ID number or credit card processing machine. Student Account Services will also assist in providing the department with procedures for processing credit card deposits and reconciling on a daily basis. If a department has not obtained approval to accept and process electronic payments (echecks and credit cards), the department should not be accepting electronic payment/credit card information. If a department is interested in contracting with a third party vendor to process electronic transactions (credit card or echeck), prior approval is required to be obtained from the Assistant Controller and the Bank of North Dakota. The Assistant Controller will forward departmental requests to the Bank of North Dakota. Methods of Processing Transactions The acceptable methods for accepting cardholder information for processing credit card transactions include: 1. In person - Departments should avoid writing down credit card information. Transactions should be processed immediately via credit card machine if taken in person. 2. Telephone If the CVV code is obtained from the back of the card, it must be destroyed immediately after the transaction is processed. The department should verify the address if sending merchandise and may choose to have return receipt to confirm delivery of goods. 3. By fax Only if fax machine is in a secure, limited access location, accessible only by authorized personnel. 4. Mail This is not the preferred method. All documents containing cardholder data must be secure and disposed of according to records retention and PCI Data Security Standards. No storage of magnetic stripe data, CVV, PIN, or other similar information may be retained. 5. Touchnet Marketplace upay or ustores site Must obtain advance approval to establish a upay or ustores site. Departments are responsible for setting up their Marketplace upay or ustores site, including programming, testing, and maintenance. Student Account Services will provide the department with a Marketplace manual for reference. 6. Third Party Vendor/Processor This method may be approved in rare instances when it is proven that other methods are not feasible. Departments must obtain approval from the Assistant Controller and the Bank of North Dakota prior to entering into a contract with the vendor/processor. Credit card information must not be requested or sent electronically (i.e. , instant messaging). If the cardholder sends credit card information electronically, departments may still process the transaction, but should reply to the cardholder with the following verbiage: "It is important that UND protects the privacy of our customers, and therefore, does not accept credit card information electronically, as the system is not a secured site. Please discontinue sending credit card information electronically. Please contact the department providing the goods or services to request available payment options." Departments should attach a copy of the response to the merchant copy of the transaction being processed and retain in accordance with the records retention policy. Departments must not store any credit card information, including CVV codes or PIN numbers. This information should never be retained in a customer database or electronic spreadsheet. All CVV codes, PIN numbers, and other documents containing cardholder data (except those listed in the Retention Periods section of this document) must be shredded immediately after the transaction has been processed. It is in violation with PCI Data Security Standards to store magnetic stripe (i.e. track) data, CAV2, CVC2, CID, or CVV2 data, or PIN data after transaction authorization on any system. Page 9 of 13

10 Refunds and Credits Credit card regulations require credits/refunds to be issued to the credit card used in the original transaction. When goods or services are purchased using a credit card and a refund (full or partial) is necessary, the refund should be credited to the original credit card from which the purchase was made. Customer requests to issue the credit/refund to an alternate card should be denied. This ensures compliance with credit card regulations and reduces the risk for fraudulent transactions. Exceptions should be approved by the Assistant Controller or departmental head/manager on a case-by case basis. When issuing a credit/refund to a credit card, departments may need to obtain the full credit card number from the customer at the time the refund/credit is issued, as the full cardholder number may not be available or readily accessible. If the entire card number was not retained from the original transactions, the last four digits should be verified with the last four digits of the card used in the original transaction. Departmental refund policies should be clearly stated within the department, on the departmental website, and on the departmental upay/ustores site. Disputed Charges / Chargebacks Occasionally, the Bank of North Dakota will send a notification to the University of a disputed charge. A copy of this chargeback notification will be forwarded to the appropriate department by Student Account Services. The department is required to provide all requested information in response to the notification by the due date indicated. Failure to provide requested information in a timely manner will result in the department being charged for the transaction in question and will be unable to appeal the chargeback. Recording and Reconciling Credit Card Transactions Departments are required to reconcile credit card sales on a daily basis, prior to submitting the deposit for processing. All discrepancies should be resolved in a timely manner and prior to submitting the deposit for processing. Student Account Services will also provide the department with a monthly merchant statement for each card type accepted. Upon receipt of the statement, departments should review and reconcile to their credit card transactions. When submitting deposits to Student Account Services, the credit card deposit form should be submitted with: 1. Daily Totals Report - This includes the daily totals for MasterCard, VISA, Discover, and American Express. No credit card numbers are included. a. This report should be printed twice (one copy for Student Account Services and one copy is to be retained by the department) 2. Daily Settlement Report - This indicates the amount settled successfully. No credit card numbers are included. a. Departments should transmit and settle their batches daily. Retention Periods Documents supporting the credit card transaction must be retained by the department according to the University's Records Retention Schedule, the PCI-DSS, and this policy. Departments are considered to be the originating department and should securely retain the following documents for receipts processed with a Tender Type of Credit Card: 1. Merchant Copy of Sales Slip - Includes the customer signature, and should only include the last four digits of the credit card number. The PAN should be masked. Page 10 of 13

11 2. Daily Totals Report - Includes the daily totals for each card type (MasterCard, VISA, Discover, and American Express). No credit card numbers are included. 3. Daily Detail Report This is a listing of the daily credit card transactions, including authorization codes. The full credit card number should not be included on this report. If the full credit card number is included and retained, it must be stored in a secure, locked location with limited access. For those transactions processed within the individual departments, Student Account Services securely retains the following documents for receipts processed with a Tender Type of Credit Card: 1. Daily Totals Report - Includes the totals for each card type (MasterCard, VISA, Discover, and American Express). No credit card numbers are included. 2. Daily Settlement Report This indicates the amount settled successfully. No credit card numbers are included. For Touchnet Marketplace transactions (upay and ustores), departments should securely retain the following: 1. Merchant Revenue Report 2. upay Revenue Report All transaction documents, as stated above, must be secured by the department, in a locked cabinet/room with limited access. Network Scans Departments using networks or servers for credit cards transactions should have network scans by an approved vendor, according to PCI regulations. These scans may also be requested by the Bank of North Dakota on a periodic basis. All fees associated with the network scans are the responsibility of the individual department. Departments are responsible for retaining all documentation for quarterly scans and may be required to provide proof of required scans. PCI Self Assessment Questionnaire Departments are required to complete a PCI Self Assessment Survey on an annual basis, or as requested, and submit to the Assistant Controller by the established due date. Departments are required to submit a revised survey if there have been any changes since the last survey. Failure to provide a completed PCI Self Assessment Survey that meets all PCI standards may result in the revocation of the ability to accept electronic transactions (credit card or e-check). Page 11 of 13

12 Departmental Compliance Confirmation Form Departmental heads/managers are required to submit the Departmental Confirmation for Compliance with UND Policy 2.3 Form on an annual basis. This form confirms that all departmental employees responsible for electronic transactions (credit card or e-check have been adequately trained and are knowledgeable of UND policy 2.3 Accepting Credit Cards and Electronic Checks to Conduct University Business and all applicable regulations pertaining to these transactions. RESPONSIBILITIES Department Accepting Credit Cards for Goods or Services Request/obtain prior approval from Student Account Services to accept and/or process echeck and credit card transactions, to establish a Touchnet Marketplace upay or ustores site, or to contract with a third party vendor for electronic payment/credit card processing. Must be compliant with all PCI-DSS, VISA Operating regulations, as well as other card type regulations, NDUS, and UND policies and procedures, and all other laws and mandates. Submit a completed PCI Self Assessment Survey on an annual basis, or as requested, and submit to the Assistant Controller by the established due date. Departments are required to submit a revised survey if there have been any changes since the last survey. Submit a Departmental Confirmation for Compliance with UND Policy 2.3 Form on an annual basis. Must be in compliance with all PCI-DSS regarding credit card transactions, including PCI-DSS, PA-DSS, PTS, CISP, and SDP and other related regulations. Notify the Controller or Assistant Controller immediately if there is a suspicion that credit card records may have been compromised in any way. Follow UND Incident Response Policy and VISA s What To Do If Compromised procedures. Must provide training and applicable information to all employees that are associated with electronic processing, including credit card transactions to ensure that the department remains compliant with PCI-DSS, SBHE, NDUS, and UND policies and procedures, and all other laws and mandates. Should consider costs of merchant fees and network scans when determining rates for goods and services. Responsible for all merchant fees; responsible for all fees/penalties associated with non-compliance with PCI Standards or incidents of security or cardholder information being compromised. Must follow the established procedures for processing credit card deposits. Departments must not store any credit card information, including CVV codes or PIN numbers. This information should never be retained in a customer database or electronic spreadsheet. All CVV codes, PIN numbers, and other documents containing credit card information (except those listed in the Retention Periods section of this document) must be shredded immediately after the transaction has been processed. It is in violation with PCI Data Security Standards to store magnetic stripe (i.e., track) data, CAV2, CVC2, CID, or CVV2 data, or PIN data after transaction authorization on any systems. Reconcile and transmit credit card transactions on a daily basis. Retain required electronic payment information, including credit card documents in a secured location according to the University s Records Retention Schedule, PCI Data Security Standards, and this policy. Page 12 of 13

13 Student Account Services FORMS Do not request electronic payment information, including credit card information, via . When this information is received by the department via , departments are required to notify the sender to discontinue sending credit card information via , as it is not a secured location. This notification should be attached to the merchant copy of the transaction for credit card transactions. When disposing of credit card or electronic check information, all documents must be shredded according to the Records Retention Schedule and PCI Data Security Standards. Must adhere to the refund policy, as stated in this document. Refunds/credits should be only issued to the credit card used in the original transaction. Requests from customers to issue the refund/credit to an alternate card should be denied. Must adhere to the requirements for background checks, as stated in UND's Criminal History Background Check and PCI Standards. Must adhere to SBHE and UND's Identity Theft Prevention Program and UND's Identity Management Project. Grant authorization to departments to accept and process credit card or electronic check transactions, to establish a Touchnet Marketplace upay or ustores site, or to contract with a third party vendor for electronic payment/credit card processing. Assist in obtaining Bank of North Dakota approval for contracting with a third party vendor for credit card processing. Assist the department in developing procedures for daily reconciling of electronic payments (echecks and credit card transactions). Retain documents supporting credit card transactions, pursuant to the University s Records Retention Schedule, PCI Standards, and this policy. Process monthly charge to department for merchant fees, chargebacks, and any other related expenses, via journal entry/import. Deposit Form it%20form%20final% xls REVISION RECORD Policy Implementation (Interim) Extension Granted to Interim Policy Revision: Clarification, New Material Policy Implementation (Final) Page 13 of 13

POLICY SECTION 509: Electronic Financial Transaction Procedures

POLICY SECTION 509: Electronic Financial Transaction Procedures Page 1 POLICY SECTION 509: Electronic Financial Transaction Procedures Source: NDSU President NDSU VP for Finance and Administration NDSU VP for Information Technology A. Purpose / Rationale Many NDSU

More information

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL PAYMENT CARD INDUSTRY COMPLIANCE (PCI) Effective June 1, 2011 Page 1 of 6 (1) Definitions a. Payment Card Industry Data Security Standards (PCI-DSS): A set of standards established by the Payment Card

More information

Department PCI Self-Assessment Questionnaire Version 1.1

Department PCI Self-Assessment Questionnaire Version 1.1 Department PCI Self-Assessment Questionnaire Version 1.1 2009 Attestation of Compliance Instructions for Submission This Department PCI Self-Assessment Questionnaire has been developed as an assessment

More information

6-8065 Payment Card Industry Compliance

6-8065 Payment Card Industry Compliance 0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card

More information

SECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures

SECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures Page 1 SECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures SOURCE: NDSU President NDSU VP for Finance and Administration NDSU VP for Information Technology It is the University s responsibility

More information

University Policy Accepting and Handling Payment Cards to Conduct University Business

University Policy Accepting and Handling Payment Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy

More information

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration

More information

Information Technology

Information Technology Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing

More information

BUSINESS POLICY. TO: All Members of the University Community 2012:12. CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05)

BUSINESS POLICY. TO: All Members of the University Community 2012:12. CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05) BUSINESS POLICY TO: All Members of the University Community 2012:12 DATE: April 2012 CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05) Contents Section 1 Policy Statement... 2 Section

More information

Appendix 1 Payment Card Industry Data Security Standards Program

Appendix 1 Payment Card Industry Data Security Standards Program Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect

More information

Credit Card Handling Security Standards

Credit Card Handling Security Standards Credit Card Handling Security Standards Overview This document is intended to provide guidance to merchants (colleges, departments, auxiliary organizations or individuals) regarding the processing of charges

More information

UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL

UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Credit Card Handling and Acceptance Policy Policy Number: C3875 Effective Date: November 8, 2006 Issuing Authority: Office of VP Business and

More information

The University of Georgia Credit/Debit Card Processing Procedures

The University of Georgia Credit/Debit Card Processing Procedures The University of Georgia Credit/Debit Card Processing Procedures The University of Georgia currently accepts four major credit cards (MasterCard, Visa, Discover and American Express) for payment of services

More information

TERMINAL CONTROL MEASURES

TERMINAL CONTROL MEASURES UCR Cashiering & Payment Card Services TERMINAL CONTROL MEASURES Instructions: Upon completion, please sign and return to cashandmerchant@ucr.edu when requesting a stand-alone dial up terminal. The University

More information

POLICY NAME : MERCHANT (PCI) POLICY AND PROCEDURES ACCEPTING CREDIT/DEBIT CARD PAYMENTS

POLICY NAME : MERCHANT (PCI) POLICY AND PROCEDURES ACCEPTING CREDIT/DEBIT CARD PAYMENTS Publication Date 2009-08-11 Issued by: Financial Services Chief Information Officer Revision V 1.0 POLICY NAME : MERCHANT (PCI) POLICY AND PROCEDURES ACCEPTING CREDIT/DEBIT CARD PAYMENTS Overview: There

More information

PCI Policies 2011. Appalachian State University

PCI Policies 2011. Appalachian State University PCI Policies 2011 Appalachian State University Table of Contents Section 1: State and Contractual Requirements Governing Campus Credit Cards A. Cash Collection Point Approval for Departments B. State Requirements

More information

Saint Louis University Merchant Card Processing Policy & Procedures

Saint Louis University Merchant Card Processing Policy & Procedures Saint Louis University Merchant Card Processing Policy & Procedures Overview: Policies and procedures for processing credit card transactions and properly storing credit card data physically and electronically.

More information

This policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format.

This policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format. Policy Number: 339 Policy Title: Credit Card Processing Policy, Procedure, & Standards Review Date: 07-23-15 Approval Date: 07-27-15 POLICY: All individuals involved in handling credit and debit card transactions

More information

2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)

2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS) CSU, Chico Credit Card Handling Security Standard Effective Date: July 28, 2015 1.0 INTRODUCTION This standard provides guidance to ensure that credit card acceptance and ecommerce processes comply with

More information

. Merchant Accounts are special bank accounts issued by a merchant. . Merchant Level: This classification is based on transaction volume.

. Merchant Accounts are special bank accounts issued by a merchant. . Merchant Level: This classification is based on transaction volume. Credit Card Procedures and Policies Texas A&M Health Science Center offers university departments the convenience of accepting credit cards in payment for goods and services provided. All University departments

More information

SAN DIEGO STATE UNIVERSITY RESEARCH FOUNDATION CREDIT CARD PROCESSING & SECURITY POLICY MERCHANT SERVICES POLICIES & PROCEDURES

SAN DIEGO STATE UNIVERSITY RESEARCH FOUNDATION CREDIT CARD PROCESSING & SECURITY POLICY MERCHANT SERVICES POLICIES & PROCEDURES SAN DIEGO STATE UNIVERSITY RESEARCH FOUNDATION CREDIT CARD PROCESSING & SECURITY POLICY MERCHANT SERVICES POLICIES & PROCEDURES POLICY STATEMENT Introduction Some San Diego State University Research Foundation

More information

CREDIT CARD PROCESSING POLICY AND PROCEDURES

CREDIT CARD PROCESSING POLICY AND PROCEDURES CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.

More information

UW Platteville Credit Card Handling Policy

UW Platteville Credit Card Handling Policy UW Platteville Credit Card Handling Policy Issued: December 2011 Revision History: November 7, 2013; July 11, 2014; November 1, 2014; August 24, 2015 Overview: In order for UW Platteville to accept credit

More information

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Mission Statement Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance

More information

688 Sherbrooke Street West, Room 730 James Administration Building, Room 524

688 Sherbrooke Street West, Room 730 James Administration Building, Room 524 'McGill Sylvia Franke, LL.B., B.Sc. Albert Caponi, C.A. Chief Information Officer Assistant Vice-Principal (Financial Services) 688 Sherbrooke Street West, Room 730 James Administration Building, Room

More information

Credit Card Processing and Security Policy

Credit Card Processing and Security Policy Credit Card Processing and Security Policy Policy Number: Reserved for future use Responsible Official: Vice President of Administration and Finance Responsible Office: Student Account Services Effective

More information

CREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services

CREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services Louisiana State University Finance and Administrative Services Operating Procedure FASOP: AS-22 CREDIT CARD MERCHANT POLICY Scope: All campuses served by Louisiana State University (LSU) Office of Accounting

More information

http://www4.uwm.edu/bfs/depts/acct/creditcardacceptance/credit-card-acceptance.cfm

http://www4.uwm.edu/bfs/depts/acct/creditcardacceptance/credit-card-acceptance.cfm Section: Accounting Revised Date: 05/31/2011 Procedure: 2.2.23 Credit Card Acceptance Home Page http://www4.uwm.edu/bfs/depts/acct/creditcardacceptance/credit-card-acceptance.cfm Operating Principles:

More information

University Policy Accepting Credit Cards to Conduct University Business

University Policy Accepting Credit Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance

More information

Merchant Card Processing Best Practices

Merchant Card Processing Best Practices Merchant Card Processing Best Practices Background: The major credit card companies (VISA, MasterCard, Discover, and American Express) have published a uniform set of data security standards that ALL merchants

More information

New York University University Policies

New York University University Policies New York University University Policies Title: Payment Card Industry Data Security Standard Policy Effective Date: April 11, 2012 Supersedes: N/A Issuing Authority: Executive Vice President for Finance

More information

TEXAS TECH UNIVERSITY HEALTH SCIENCES CENTER EL PASO

TEXAS TECH UNIVERSITY HEALTH SCIENCES CENTER EL PASO TEXAS TECH UNIVERSITY HEALTH SCIENCES CENTER EL PASO Operating Policy and Procedure HSCEP OP: PURPOSE: REVIEW: 50.37, Payment Card Processing by TTUHSC El Paso Departments The purpose of this Texas Tech

More information

Viterbo University Credit Card Processing & Data Security Procedures and Policy

Viterbo University Credit Card Processing & Data Security Procedures and Policy The requirements for PCI-DSS compliance are quite numerous and at times extremely complicated due to their interdependent nature and scope. The University has deemed it necessary for those areas currently

More information

A8.700 TREASURY. This directive applies to all campuses of the University of Hawai i.

A8.700 TREASURY. This directive applies to all campuses of the University of Hawai i. Prepared by Treasury Office. This amends A8.710 dated July 2001. A8.710 April 2005 A8.700 TREASURY P 1 of 5 A8.710 Credit Card Program 1. Purpose To provide uniform procedures for the processing of credit

More information

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS: Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal

More information

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards PCI DSS Rhonda Chorney Manager, Revenue Capital & General Accounting Today s Agenda 1. What is PCI DSS? 2. Where are we today? 3. Why is compliance so important?

More information

INFORMATION SECURITY POLICY. Policy for Credit Card Acceptance to Conduct College Business

INFORMATION SECURITY POLICY. Policy for Credit Card Acceptance to Conduct College Business DELAWARE COLLEGE OF ART AND DESIGN 600 N MARKET ST WILMINGTON DELAWARE 19801 302.622.8000 INFORMATION SECURITY POLICY including Policy for Credit Card Acceptance to Conduct College Business stuff\policies\security_information_policy_with_credit_card_acceptance.doc

More information

Accepting Payment Cards and ecommerce Payments

Accepting Payment Cards and ecommerce Payments Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont

More information

Credit and Debit Card Handling Policy Updated October 1, 2014

Credit and Debit Card Handling Policy Updated October 1, 2014 Credit and Debit Card Handling Policy Updated October 1, 2014 City of Parkville 8880 Clark Ave. Parkville, MO 64152 Hours: 8:00-5:00 p.m. Monday -Friday Phone Number 816-741-7676 Email: cityhall@parkvillemo.gov

More information

ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS:

ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: Boston College Policy ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: PURPOSE OF POLICY: The purpose of this policy is to establish procedures for accepting payment cards at Boston College

More information

McGill Merchant Manual

McGill Merchant Manual McGill Merchant Manual The McGill Merchant Manual is a complementary document to the Merchant (PCI) Policy and Procedures and serves to aid Merchants in ensuring their operations comply with Payment Card

More information

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder

More information

Payment Cardholder Data Handling Procedures (required to accept any credit card payments)

Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Introduction: The Procedures that follow will allow the University to be in compliance with the Payment Card Industry

More information

ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS:

ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: Boston College Policy ACCEPTING PAYMENT CARDS FOR CONDUCTING UNIVERSITY BUSINESS: PURPOSE OF POLICY: The purpose of this policy is to establish procedures for accepting payment cards at Boston College

More information

UNL PAYMENT CARD POLICY AND PROCEDURES. Table of Contents

UNL PAYMENT CARD POLICY AND PROCEDURES. Table of Contents UNL PAYMENT CARD POLICY AND PROCEDURES Table of Contents Payment Card Merchant Security Standards Policy and Procedures... 2 Introduction... 4 Payment Card Industry Data Security Standard... 4 Definitions...

More information

Dartmouth College Merchant Credit Card Policy for Processors

Dartmouth College Merchant Credit Card Policy for Processors Mission Statement Dartmouth College Merchant Credit Card Policy for Processors Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance with the

More information

Policies and Procedures. Merchant Card Services Office of Treasury Operations

Policies and Procedures. Merchant Card Services Office of Treasury Operations Policies and Procedures Merchant Card Services Office of Treasury Operations 1 Welcome! Table of Contents: Introduction Establishing Payment Card Services Payment Card Acceptance Procedures Payment Card

More information

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures 1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities

More information

Policy Title: Payment Cards Policy Effective Date: 5/5/2010. Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014

Policy Title: Payment Cards Policy Effective Date: 5/5/2010. Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014 Policy Title: Effective Date: 5/5/2010 Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014 Oversight Department: Financial Services Next Review Date: 10/1/2016 1. PURPOSE The for Radford University

More information

UGA Cooperative Extension Service Credit Card Machine Policy

UGA Cooperative Extension Service Credit Card Machine Policy UGA Cooperative Extension Service Credit Card Machine Policy PCI compliance requires that each office have their own set of policies and procedures for handling credit cards. College wide policies reflect

More information

CREDIT CARD POLICY DRAFT

CREDIT CARD POLICY DRAFT APPROVED BY Ronald J. Paprocki I. Policy Statement Any office of the University that processes credit card transactions may do so only in the manner approved by the University Treasury Office and in compliance

More information

EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES

EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES This document describes Eastern Oklahoma State College s policy and procedures for the proper

More information

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements

More information

WASHINGTON STATE UNIVERSITY MERCHANT ACCOUNT AGREEMENT FOR UNIVERSITY DEPARTMENTS

WASHINGTON STATE UNIVERSITY MERCHANT ACCOUNT AGREEMENT FOR UNIVERSITY DEPARTMENTS WASHINGTON STATE UNIVERSITY MERCHANT ACCOUNT AGREEMENT FOR UNIVERSITY DEPARTMENTS I. Introduction, Background and Purpose This Merchant Account Agreement (the Merchant Agreement or Agreement ) is entered

More information

CREDIT CARD SECURITY POLICY PCI DSS 2.0

CREDIT CARD SECURITY POLICY PCI DSS 2.0 Responsible University Official: University Compliance Officer Responsible Office: Business Office Reviewed Date: 10/29/2012 CREDIT CARD SECURITY POLICY PCI DSS 2.0 Introduction and Scope Introduction

More information

CREDIT CARD PROCESSING & SECURITY POLICY

CREDIT CARD PROCESSING & SECURITY POLICY FINANCE AND TREASURY POLICIES AND PROCEDURES E071 CREDIT CARD PROCESSING & SECURITY POLICY PURPOSE The purpose of this policy is to establish guidelines for processing charges/credits on Credit Cards to

More information

CREDIT CARD NUMBER HANDLING PROCEDURES POLICY. 2014 October

CREDIT CARD NUMBER HANDLING PROCEDURES POLICY. 2014 October CREDIT CARD NUMBER HANDLING PROCEDURES POLICY 2014 October Royal Roads University Page 1 of 6 21 October 2014 Table of Contents Policy Statement... 3 Rationale... 3 Applicability of the Policy... 3 Definitions...

More information

Ball State University Credit/Debit Card Handling Policy and Procedures

Ball State University Credit/Debit Card Handling Policy and Procedures Ball State University Credit/Debit Card Handling Policy and Procedures I. Background Ball State University accepts payments in various forms including cash, checks and electronic fund transfers. University

More information

WISCONSIN ACCOUNTING MANUAL Department of Administration State Controller s Office

WISCONSIN ACCOUNTING MANUAL Department of Administration State Controller s Office BACKGROUND State of Wisconsin agencies accepted more than 6 million credit/debit card payments annually through the following payment channels: Point of Sale (State agency location) Point of Sale (Retail-agent

More information

Office of Finance and Treasury

Office of Finance and Treasury Office of Finance and Treasury How to Accept & Process Credit and Debit Card Transactions Procedure Related Policy Title Credit Card Processing Policy For University Merchant Locations Responsible Executive

More information

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

UCSD Credit Card Processing Policy & Procedure

UCSD Credit Card Processing Policy & Procedure UCSD Credit Card Processing Policy & Procedure The Payment Process UCSD accepts Visa, MasterCard, American Express and Discover credit cards. We perform credit transactions only, no debit sales with cash

More information

Failure to follow the following procedures may subject the state to significant losses, including:

Failure to follow the following procedures may subject the state to significant losses, including: SUBJECT: Policy and Procedures PAGE: 1 of 5 INTRODUCTION During fiscal year 2014, State of Wisconsin agencies accepted approximately 6 million credit/debit card payments through the following payment channels:

More information

POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants

POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101 DIVISION: Finance & Administration TITLE: Policy & Procedures for Credit Card Merchants DATE: October 24, 2011 Authorized by: K. Ann Mead, VP for Finance & Administration

More information

University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009

University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009 University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009 Effective Date of this Policy: August 1, 2008 Last Revision: September 1, 2009 Contact for More Information: UDit Internal Auditor

More information

E-Market Policy Accepting Online Payment for Conducting University Business

E-Market Policy Accepting Online Payment for Conducting University Business Accepting Online Payment for Conducting University Business Responsible Office: Bursar s Office Contact: bursar@hartford.edu Effective Date: July 1, 2011 Last Revised: June 20, 2011 Last Reviewed: June

More information

Standards for Business Processes, Paper and Electronic Processing

Standards for Business Processes, Paper and Electronic Processing Payment Card Acceptance Information and Procedure Guide (for publication on the Treasury Webpages) A companion guide to University policy 6120, Payment Card Acceptance Standards for Business Processes,

More information

Liverpool Hope University. PCI DSS Policy

Liverpool Hope University. PCI DSS Policy Liverpool Hope University PCI DSS Policy Document Control Date Revision/Amendment Details & Reason Author 26 th March 2015 Updates G. Donelan 23 rd June 2015 Audit Committee 7 th July 2015 University Council

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers For use with PCI DSS Version 3.1 Revision 1.1 July 2015 Section 1: Assessment

More information

3. Internet Credit Card Processing System generates a daily batch release report 4. Reporting Deposits to the University Depository

3. Internet Credit Card Processing System generates a daily batch release report 4. Reporting Deposits to the University Depository Internal Credit/Debit Card Processing Policies and Procedures for University of Tennessee Merchants Merchant: DBA Effective: Date Reviewed: Date Revised: Date 1. General Statement 2. Point-of-Sale Processing

More information

05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013 05.118 Credit Card Acceptance Policy Authority: Vice Chancellor of Business Affairs History: Effective July 1, 2011 Updated February 2013 Source of Authority: Office of State Controller (OSC); Office of

More information

The following are responsible for the accuracy of the information contained in this document:

The following are responsible for the accuracy of the information contained in this document: AskUGA 1 of 5 Credit/Debit Cards Responsible administrator: Senior Vice President for Finance and Administration Related Procedure: The Credit/Debit Card Processing Procedures Responsible department: Bursar's

More information

University of Maine System ADMINISTRATIVE PRACTICE LETTER

University of Maine System ADMINISTRATIVE PRACTICE LETTER Page 1 of 21 INDEX I. PURPOSE II. APPLICABILITY III. AUTHORITY AND RESPONSIBILITIES A. Card Processing Authority within the University of Maine System B. Credit Card Coordinator Responsibilities C. Merchant

More information

Vanderbilt University

Vanderbilt University Vanderbilt University Payment Card Processing and PCI Compliance Policy and Procedures Manual PCI Compliance Office Information Technology Treasury VUMC Finance Table of Contents Policy... 2 I. Purpose...

More information

b. USNH requires that all campus organizations and departments collecting credit card receipts:

b. USNH requires that all campus organizations and departments collecting credit card receipts: USNH Payment Card Industry Data Security Standard (PCI DSS) Version 3 Administration and Department Policy Draft Revision 3/12/2013 1. Purpose. The purpose of this policy is to assist the University System

More information

CENTRAL WASHINGTON UNIVERSITY 3-50-125 PAYMENT CARD SECURITY PROCEDURES

CENTRAL WASHINGTON UNIVERSITY 3-50-125 PAYMENT CARD SECURITY PROCEDURES CENTRAL WASHINGTON UNIVERSITY 3-50-125 PAYMENT CARD SECURITY PROCEDURES As of June 30, 2005, VISA and Master Card Payment Card Industry Security Standards require all entities which handle or store credit

More information

Payment Card Acceptance Administrative Policy

Payment Card Acceptance Administrative Policy Administrative Procedure Approved By: Brandon Gilliland, Associate Vice President for Finance & Controller Effective Date: October 1, 2014 History: Approval Date: September 25, 2014 Revisions: Type: Administrative

More information

CAL POLY POMONA FOUNDATION. Policy for Accepting Payment (Credit) Card and Ecommerce Payments

CAL POLY POMONA FOUNDATION. Policy for Accepting Payment (Credit) Card and Ecommerce Payments CAL POLY POMONA FOUNDATION Policy for Accepting Payment (Credit) Card and Ecommerce Payments 1 PURPOSE The purpose of this policy is to establish business processes and procedures for accepting payment

More information

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0 Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire C-VT Version 2.0 October 2010 Attestation of Compliance, SAQ C-VT Instructions for Submission

More information

UNIVERSITY CONTROLLER S OFFICE

UNIVERSITY CONTROLLER S OFFICE UNIVERSITY CONTROLLER S OFFICE Payment Card Industry (PCI) Security Standards Training Guide (updated for 3.1 requirements) February 2016 Disclaimer: The information in this guide is current as of the

More information

Accounting and Administrative Manual Section 100: Accounting and Finance

Accounting and Administrative Manual Section 100: Accounting and Finance No.: C-13 Page: 1 of 6 POLICY: It is the policy of the University of Alaska that all payment card transactions are to be executed in compliance with standards established by the Payment Card Industry Security

More information

4/13/2016. Cash Handling & Deposits Informational Session Presented by Wendall Ho. Contact Information. Staff. Financial Management Office

4/13/2016. Cash Handling & Deposits Informational Session Presented by Wendall Ho. Contact Information. Staff. Financial Management Office Financial Management Office Cash Handling & Deposits Informational Session Presented by Wendall Ho Contact Information Treasury Office 2444 Dole St., Bachman Annex 13 Honolulu, HI 96822 Phone: 956 8527,

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines or Stand-alone Dial-out Terminals Only, no Electronic Cardholder Data Storage

More information

Credit/Debit Card Processing Policy

Credit/Debit Card Processing Policy NUMBER: BUSF 4.11 SECTION: Business and Finance SUBJECT: Credit/Debit Card Processing Policy DATE: November 1, 2006 Policy for: All Campuses Procedures for: All Campuses Authorized by: Rick Kelly Issued

More information

University of Virginia Credit Card Requirements

University of Virginia Credit Card Requirements University of Virginia Credit Card Requirements The University of Virginia recognizes that e-commerce is critical for the efficient operation of the University, and in particular for collecting revenue.

More information

PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data

PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data PCI Training for Retail Jamboree Staff Volunteers Securing Cardholder Data Securing Cardholder Data Introduction This PowerPoint presentation is designed to educate Retail Jamboree Staff volunteers on

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines or Stand-alone Dial-out Terminals Only, no Electronic Cardholder Data Storage

More information

FAQ s for Payment Card Processing at the University

FAQ s for Payment Card Processing at the University FAQ s for Payment Card Processing at the University 1) We are thinking about taking credit cards for payments. What do we need to know? 2) Who is the PCPC (Payment Card Process Coordinator)? 3) What is

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

Payment Card Industry Data Security Standards Compliance

Payment Card Industry Data Security Standards Compliance Payment Card Industry Data Security Standards Compliance Please turn off, or to vibrate, all cell-phones/electronics Expected course length: 1 Hour Questions are welcomed. Who Created It? & What Is It?

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals Electronic Cardholder

More information

Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers Attestation of Compliance Service Providers Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 2.0 October 2010 Instructions for

More information

Emory University & Emory Healthcare

Emory University & Emory Healthcare Emory University & Emory Healthcare Payment Card Processing and Compliance Policy and Procedures Manual Office of Cash and Debt Management Mailstop 1599-001-1AE 1599 Clifton Road, 3 rd Floor Atlanta, GA

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced Version 3.0 February

More information

Payment Card Industry (PCI) Policy Manual. Network and Computer Services

Payment Card Industry (PCI) Policy Manual. Network and Computer Services Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology

More information