|Title:||Opening a Merchant Account for Credit Card Acceptance|
|Policy Owner:||Office of the Bursar|
|Applies to:||Faculty and Staff|
|Campus Applicability:||Storrs and Regional Campuses|
|Effective Date:||August 19, 2014|
|For More Information, Contact||Office of the Bursar|
|Contact Information:||(860) 486-4830|
REASON FOR POLICY:
The purpose of this policy is to ensure University compliance with the Payment Card Industry Standards which can be found at www.pcisecuritystandards.org. Credit card transactions are monetary transactions and therefore are subject to the same control and reconciliation policies as cash transactions. No department may open a merchant account to accept credit card transactions without the approval of the Controller and Bursar.
This policy applies to any department seeking to accommodate customers wanting to pay by credit or debit card and thereby opening a merchant account.
Payment Card Industry Standards
PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect cardholder data. The standards globally govern all merchants and organizations that store, process, or transmit this data – with new requirements for software developers and manufacturers of applications and devices used in those transactions. Compliance with the PCI set of standards is mandatory for their respective stakeholders, and is enforced by the major payment card brands who established the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.
All University approved accounts must adhere to the Payment Card Industry Security Standards including the performance of the SAQ (Self-Assessment Questionnaire), annual attestation and successful University computer and network scans.
The Controller’s Office may at any time terminate the department’s merchant account for a policy/procedure violation. In addition, payment card industry compliance violations may result in fines from the payment brands (VISA, MasterCard, Discover, American Express, JCB, BC Card, DinaCard and Diner’s Club) to the acquiring bank, at their discretion, from $5,000 to $100,000 per month which may be charged back to the department in noncompliance. Fines are dependent on volume of credit cards breached and remediation efforts required.
Violations of this policy may result in appropriate disciplinary measures in accordance with University Laws and By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Conduct Code.
The Office of the Bursar has the authority to recommend approval from any department to the Controller of an application for opening and operating a merchant account. These transactions are monetary transactions and subject to the same governance as cash.
Detailed procedures and resource documentation may be found on our website at: http://bursar.uconn.edu/cash-operations/.