Merchant Card Processing Request Form



Similar documents
Merchant Card Processing Procedures

IT TECHNICAL SECURITY REVIEW CHECKLISTS FOR E-COMMERCE WEBSITES

Office of Finance and Treasury

Procedures: The University Controller s Office is responsible for administering the process for

Standards for Business Processes, Paper and Electronic Processing

Understanding Payment Card Industry (PCI) Data Security

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No MERCHANT DEBIT AND CREDIT CARD RECEIPTS

POLICY SECTION 509: Electronic Financial Transaction Procedures

CREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services

UCSB Credit Card Processing and PCI Compliance

RFP#15-20 EXHIBIT E MERCHANT SERVICES INFORMATION SHEET

SECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures

Payment Card Industry (PCI) Data Security Standard

Benefits of Integrated Credit Card Processing Within Microsoft Dynamics GP. White Paper

Why Is Compliance with PCI DSS Important?

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

PCI COMPLIANCE FOR HIGHER EDUCATION BEST PRACTICES CHECKLIST. Presented By: The Treasury Institute for Higher Education.

Accepting Payment Cards and ecommerce Payments

Annual Trustwave PCI Self Assessment Questionnaire (SAQ) Educational Presentation. Understanding the Merchants Responsibilities for PCI Compliance

Self Assessment Questionnaire A Short course for online merchants

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program

How To Protect Your Business From A Hacker Attack

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)

Attestation of Compliance, SAQ A

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN

Policies and Procedures. Merchant Card Services Office of Treasury Operations

Trustkeeper PCI Compliance Guide for Merchants

Appendix 1 Payment Card Industry Data Security Standards Program

CITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.

PCI DSS Compliance What Texas BUC$ Need to Know! Ron King CampusGuard

POLICY & PROCEDURE DOCUMENT NUMBER: DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

University of Oregon Policy Statement Development Form

Spokane Airport Board (Spokane International Airport, Airport Business Park, Felts Field) Addendum #1 - Q&A

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance

University Policy Accepting Credit Cards to Conduct University Business

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures

Simplêfy Client Support and Information Services. PCI Compliance Guidebook

How To Ensure Account Information Security

Requirements & Potential Costs for SAQ D

Merchant guide to PCI DSS

Property of CampusGuard. Compliance With The PCI DSS

Payment Card Industry Data Security Standards Compliance

COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

CREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

Protecting Your Customers' Card Data. Presented By: Oliver Pinson-Roxburgh

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May cliftonlarsonallen.com CliftonLarsonAllen LLP

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

SAN DIEGO STATE UNIVERSITY RESEARCH FOUNDATION CREDIT CARD PROCESSING & SECURITY POLICY MERCHANT SERVICES POLICIES & PROCEDURES

PCI DSS Presentation University of Cincinnati

COLLEGE POLICY ON CREDIT/DEBIT CARD PAYMENT PROCESSING

CREDIT CARD PROCESSING POLICY AND PROCEDURES

UW Platteville Credit Card Handling Policy

Payment Card Industry Data Security Standards.

CREDIT CARD MERCHANT PROCEDURES. Revised 01/21/2014 Prepared by: NIU Merchant Services

Saint Louis University Merchant Card Processing Policy & Procedures

CAL POLY POMONA FOUNDATION. Policy for Accepting Payment (Credit) Card and Ecommerce Payments

Clark University's PCI Compliance Policy

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina

It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.

Third Party Agent Registration and PCI DSS Compliance Validation Guide

Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

Credit Card Processing Overview

University of Virginia Credit Card Requirements

Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

UCSB Credit Card Merchant Handbook

Payment Card Industry Compliance

A8.700 TREASURY. This directive applies to all campuses of the University of Hawai i.

Cash, Petty Cash, Change Funds, and Credit Cards

PCI DSS 3.0 Overview. OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock

. Merchant Accounts are special bank accounts issued by a merchant. . Merchant Level: This classification is based on transaction volume.

UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL

Transcription:

Merchant Card Processing Request Form This form must be filled out and approved before accepting credit card payments at any new location or via any website. of Application: Type of Request: e-commerce Terminal 1. Bldg/ Street Phone # City Fax # Zip Mail 2. Business Contact Phone # email 3. Account Number to charge for monthly rental and discount fees Fund Project Activity Account (Usually 78680) 4. information (if different than above): Bldg/ Street Phone # City Fax # Zip Mail 5. A location name must begin with with NU <space> and be followed by no more than 20 additional characters, including spaces, for a maximum 23 characters total. The location name will print as the description on the customer credit card statement. Choose a name that your customer will recognize. Example location name: NU Store Requested location name: NU 6. Attach documentation signed by the Director of the and the Business of the school: Project description: business purpose, services and products being sold, project plan including timeline Estimated annual transaction volume and average dollar amount per transaction e-commerce Application Addendum (for e-commerce requests only) Procedures for collecting, recording, and reconciling sales and refunds (including cash, checks, and charges). Include specific staff and/or positions responsible for process steps ensuring duty segregation, and independent review and reconciliation of transaction data. In signing, the authorizing parties confirm that: All impacted personnel have read the NU Merchant Card Processing Policy and agree to adhere to it. The department agrees to participate in the Treasury Operations administered PCI compliance programming including completing annual questionnaires and attending security training and informational meetings. Requested by: Printed Title Signature Director or Dean Approval: Printed Title Signature Please return to the Treasury OPS e-commerce, 619 Clark St., Evanston Campus MC 1130 MERCHANTS CANNOT ACCEPT CHARGES UNTIL THEY HAVE APPROVAL FROM TREASURY OPS E-COMMERCE DEPT.

e-commerce Application Addendum This form must be attached to the Merchant Card Processing Request Form. The following additional information must be provided when requesting to process credit cards via a web site. A. Proposed URL: B. Technical Contact (Usually differs from the Business Contact on the main application form) Phone # email C. Select type of e-commerce system proposed Application Service Provider (The system is hosted and maintained entirely by an offsite provider) Provider name: -hosted, purchased application software, payment processing outsourced of software vendor: of software application: of payment processor (i.e. Payflow Link): -hosted, custom application software, Payflow Link for payment processing Describe: Other, describe: D. Are all vendors, service providers, and hosts certified PCI compliant? (Attach explanation on back or separate sheet) E. Are all vendors and service providers PA-DSS compliant and/or is the system on the PABP list? (Attach explanation on back or separate sheet) F. Do all contracts contain security acknowledgements pursuant to PCI DSS requirement 12.8? (Attach explanation on back or separate sheet) G. Will department personnel view or enter cardholder data (i.e. entering purchases on behalf of customers, processing refunds based on card number, or generating reports that include card numbers)? If yes, have these employees had background checks performed by Human Resources? H. Will cardholder data be stored, processed or transmitted on equipment connected to the NU network? I. Attach additional technical documentation: Software vendor and/or hosting provider contract(s) Network diagram depicting all on-campus computing assets that will be connected to the proposed system Appropriate PCI SAQ (Self-Assessment Questionnaire) downloaded from http://www.northwestern.edu/controller/treasury-operations/e-commerce-operations/index.html SAQ Form SAQ A SAQ B SAQ C SAQ D Please return to the Treasury OPS e-commerce, 619 Clark St., Evanston Campus MC 1130 MERCHANTS CANNOT ACCEPT CHARGES UNTIL THEY HAVE APPROVAL FROM TREASURY OPS E-COMMERCE DEPT.

Merchant Card Request Administrative Record For Treasury Operations and e-commerce Operations Office Use Only LOCATION NAME DATE REGISTERED PAYPAL ID FDMS MERCHANT # LOCATION CODE AMEX MERCHANT # CARD PROCESSING TYPE e-commerce Terminal Other PCI QUESTIONAIRE TYPE SAQ A SAQ B SAQ C SAQ D PCI SCAN REQUIRED For e-commerce requests only: NUIT has reviewed the department s security policies, contracts, and e-commerce system environment and approves of the security measures in place. David Kovarik, Director Info & Systems Security/Compliance Nancy Pinchar Assistant Controller Richard Emrich Asst. Treasurer Martin Soler e-commerce Program

Merchant Onboarding Checklist Prior to the first card swipe or online transaction, the following must be completed: Requirement Provide names and email addresses of all staff of the credit card operation (use the table on the following page) Add new merchant to TrustKeeper Portal and send notification to Complete enrollment questionnaire on TrustKeeper Portal Complete initial Self-Assessment Questionnaire on TrustKeeper Portal If applicable for e-commerce merchants, setup TrustKeeper and/or NUIT Vulnerability scan schedule Mandatory review of PCI-DSS Security Awareness training document Mandatory review of PCI Security Policy Responsible Party e-commerce Supervisor or e-commerce Analyst IT Staff with e- Commerce or NUIT Personnel All Staff from list below All Staff from list below Completed

Merchant Onboarding Checklist - Continued In the table below, please list the names and email addresses of all departmental staff that will be part of the new merchant card operation. The list should include all staff that will be involved in the credit card operation regardless of status. Each staff member is required to: 1. Participate in an annual PCI-DSS Security Awareness Training 2. Review the PCI Security Policy 3. Attest after completing both items above using the instructions provided in item 1 Email Address Title/Role or Function

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information