PCI DSS Merchant Procedure

To acquire or change a payment card account, the Merchant Department Responsible Person (MDRP) or his/her designee must submit an Application for Payment Card Account Acquisition or Change to the University Cashiers Office. The application must be signed by the MDRP/Administrative Manager (AM) and the appropriate Associate Vice President or Dean. Applications that request eCommerce activities must also be signed by the Chief Information Officer. All eCommerce activities shall be processed by a third-party vendor authorized by the University.

All requests shall be reviewed by the Request Reviewers. The Accounts Receivable/Cashier Manager shall respond to all applications. When an application to acquire a payment card account is approved, the Accounts Receivable/Cashier Manager will assist the MDRP in establishing the new merchant account activity. All card processing terminals shall be obtained through the University Cashiers Office.

The MDRP may appeal a decision to deny an application to acquire or change a payment card account to the University Controller, Financial Services.

Work Flow

  1. Fill out the APPLICATION FOR PAYMENT CARD ACCOUNT ACQUISITION OR CHANGE form, have it signed by appropriate management, and submit it to the University Cashiers’ Office.
  2. Cashiers’ Office sends the application to the Request Reviewers.
  3. Accounts Receivable/Cashier Manager responds to the applicant with an approval or denial. If denied, the applicant may appeal.
  4. Cashier helps establish the new merchant account activity and provides or arranges to provide all needed materials: transmittal forms, Credit Card Drafts, Hypercom Terminals, CashNet Terminals, or Transaction web pages.

Policy Roles and Associated Campus Entities

Role: Campus Entity

Department receiving the form: University Cashiers Office
Form Maintainer: Accounts Receivable/Cashier Manager
Coordinator, Annual Review of Policy Acknowledgement/Compliance: Accounts Receivable/Cashier Manager
Request Reviewers:
  • Dean/Appropriate Administrator
  • Accounts Receivable/Cashier Manager
  • Chief Information Officer
  • Information Security Officer
  • Director of Network Security and Communications Services
  • Director of Workstation Security Services
  • Deputy/Assistant Controllers University and Auxiliaries
  • CC: Police Chief
Additional Reviewers: If CashNet setup is required, CashNet Administrator. If eCommerce request, Chief Information Officer.
Request Responder: Accounts Receivable/Cashier Manager
Appeals of Denied Requests: University Controller
Payment Card Account Facilitator: Accounts Receivable/Cashier Manager
Payment Card Equipment Contact: University Cashiers Office
CashNet Representative: CMS Security Administrator
eCommerce Requests: Chief Information Officer
PCI DSS Assessor: Information Security Officer
Training: Information Security Office

Procedure Purpose: This procedure provides a mechanism to ensure security when a merchant department decides to accept credit cards, or changes its procedure for accepting them, as a form of payment for services, goods, or donations.
Procedure Number: 02-108
Version: 1.0.1
Effective Date: Sep 01 2009
Prepared by: Barry Blackburn
Date Prepared: Mar 01 2009
Approved By: Samuel Scalise
Date Approved: Mar 09 2009
Last Updated By: Barry Blackburn
Date Last Updated: Nov 09 2009
Associated Policy: Payment Card Industry Security Policy
Contact(s): Barry Blackburn (ISO)
Keywords: PCI DSS