Skip to main content

Any university area that wants to accept credit card or debit card payments for good/services rendered must be receive Administration, Finance and Merchant Services Manager approval.

If a department is considering using any method other than the recommended payment gateway to process credit and debit card transactions, the systems must be verified for appropriate technical controls in accordance with the Payment Card Industry (PCI) Security Standard prior to receiving final approval for electronic credit card processing from the Merchant Services Manager or the Director of Student Account Services.

The Merchant Services Manager will coordinate the appropriate reviews and provide a report to the Director of Student Account Services for final authorization.  Any noncompliant issues will be reported immediately to both Internal Audit and the Vice President of Administration and Finance.

Here's what to do

The Merchant Services Manager will work in conjunction with the Information Technology Infrastructure team to review at a minimum, the following technical controls:

  • Cardholder data is protected by a secure network that includes a firewall configured in accordance with the PCI Data Security Standard.

  • Encryption techniques are used to transmit data over public networks, in accordance with the PCI Data Security Standard.

  • On-site departmental review of how/where data will be stored.