Opening a Merchant Account for Credit Card Acceptance

Posted on by
Title: Opening a Merchant Account for Credit Card Acceptance
Policy Owner: Office of the Bursar
Applies to: Faculty, Staff
Campus Applicability: Storrs and Regional Campuses
Approval Date: September 29, 2025
Effective Date: September 29, 2025
For More Information, Contact: Office of the Bursar Cash Operations
Contact Information: cashoperations@uconn.edu
Official Website: https://bursar.uconn.edu/departments/cash-operations/

PURPOSE

To ensure University compliance with the Payment Card Industry Data Security Standards (PCI DSS) found at www.pcisecuritystandards.org.

APPLIES TO

This policy applies to any department requesting a merchant account to accommodate customers who want to pay by credit or debit card, and the University’s centralized eCommerce system cannot meet their needs.

DEFINITIONS

Payment Card Industry Data Security Standards: PCI DSS are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect cardholder data. The standards globally govern all merchants and organizations that store, process, or transmit this data – with new requirements for software developers and manufacturers of applications and devices used in those transactions. Compliance with the PCI DSS is mandatory for their respective stakeholders, and is enforced by the major payment card brands who established the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.

POLICY STATEMENT

Credit card transactions are monetary transactions and therefore are subject to the same control and reconciliation policies as cash transactions. No department may open a merchant account to accept credit card transactions without the approval of the Controller and Bursar.

New merchant accounts must be opened through Office of the Bursar and receive Controller approval.  Merchant accounts will only be approved if the University’s centralized eCommerce system cannot meet the needs of the requesting department.  All University approved accounts must adhere to the PCI DSS including the performance of the Self-Assessment Questionnaire (SAQ), annual attestation, and successful University computer and network scans, as applicable.

ENFORCEMENT

The Office of the Controller may at any time terminate the department’s merchant account for a policy/procedure violation. In addition, payment card industry compliance violations may result in fines from the payment brands (VISA, MasterCard, Discover, American Express, JCB, BC Card, DinaCard and Diner’s Club) to the acquiring bank, at their discretion, from $5,000 to $100,000 per month which may be charged back to the department in noncompliance. Fines are dependent on volume of credit cards breached and remediation efforts required.

Violations of this policy and any related procedures may result in appropriate disciplinary measures in accordance with University Laws and By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Conduct Code.

PROCEDURES/FORMS

Detailed procedures and resource documents may be found on the Office of the Bursar website at: https://bursar.uconn.edu/cash-operations/ .  

POLICY HISTORY

Created: 08/19/2014

Reviewed with no revisions: 01/14/2022

Revised: 09/29/2025 (Approved by the University’s Senior Policy Council and President)