PCI DSS Merchant Procedure
To acquire or change a payment card account, the Merchant Department Responsible Person (MDRP) or his/her designee must submit an Application for Payment Card Account Acquisition or Change to the University Cashiers Office. The application must be signed by the MDRP/Administrative Manager (AM) and appropriate Associate Vice President or Dean. Applications that request eCommerce activities must also be signed by the Chief Information Officer. All eCommerce activities shall be processed by a third party vendor authorized by the University.
All requests shall be reviewed by the Request Reviewers. The Accounts Receivable/Cashier Manager shall respond to all applications. When an application to acquire a payment card account is approved, the Accounts Receivable/Cashier Manager will assist the MDRP in establishing the new merchant account activity. All card processing terminals shall be obtained through the University Cashiers Office.
The MDRP may appeal a decision to deny an application to acquire or change a payment card account to the University Controller, Financial Services.
- Fill out APPLICATION FOR PAYMENT CARD ACCOUNT ACQUISITION OR CHANGE form, have it signed by appropriate management and submit to the University Cashiers’ Office.
- Cashiers’ Office Sends to Request Reviewers.
- Accounts Receivable/Cashier Manager responds to applicant with approval/deny.If deny, applicant may appeal.
- Cashier helps establish new merchant account activity and provides or arranges to provide all needed materials: transmittal forms, Credit Card Drafts, Hypercom Terminals, or CashNet Terminals or Transaction web pages.
Policy Roles and Associated Campus Entities
Department receiving the form
University Cashiers Office
|Form Maintainer||Accounts Receivable/Cashier Manager|
|Coordinator, Annual Review of Policy Acknowledgement/Compliance||Accounts Receivable/Cashier Manager|
|Additional Reviewers||If CashNet set up is required, CashNet Administrator.
If eCommerce request, Chief Information Officer.
|Request Responder||Accounts Receivable/Cashier Manager|
|Appeals of Denied Requests||University Controller|
|Payment Card Account Facilitator||Accounts Receivable/Cashier Manager|
|Payment Card Equipment Contact||University Cashiers Office|
|CashNet Representative||CMS Security Administrator|
|eCommerce Requests||Chief Information Officer|
|PCI DSS Assessor||Information Security Officer|
|Training||Information Security Office|
|Procedure Purpose||This procedure provides a mechanism to ensure security when a merchant department decides to accept or changes their procedure to accept credit cards as a form of payment for services, goods, or donations.|
|Effective Date||Sep 01 2009|
|Prepared by||Barry Blackburn|
|Date Prepared||Mar 01 2009|
|Approved By||Samuel Scalise|
|Date Approved||Mar 09 2009|
|Last Updated By||Barry Blackburn|
|Date Last Updated||Nov 09 2009|
|Associated Policy||Payment Card Industry Security Policy|
|Contact(s)||Barry Blackburn (ISO)|