|
Credit/Debit
Card Processing
Departments
of the University of Georgia, if approved, may accept credit/debit
card for payment of services rendered and goods sold. Each
unit's needs will determine what cards (American Express,
Discover, MasterCard, and Visa) are accepted for payment.
Any authorized University unit wishing to accept credit/debit
cards as a form of payment should contact the Bursar's Office.
You will be required to complete a
Merchant
Application for approval. If you are considering
using a 3rd party vendor or 3rd party software application,
you must complete the
3rd
Party Vendor Application
as well. Approval should be granted prior to signing
any agreements or purchasing such software.
Once a unit is authorized to accept credit/debit cards, the
unit will follow routine procedures to send a standard
Credit/Debit
Card Transmittal Form to the Bursar's Office
so that the sales revenue can be recorded in the University
Accounting System. The accepting unit must also transmit their
sales electronically to the bank's processing center on a
daily basis. Transmittal forms summarizing the electronically
transmitted sales should be sent to the Bursar's Office by
either fax (706-542-3959) or email (bursar@uga.edu) immediately
after the electronic transmission has been confirmed by the
bank's processing center.
As a result from credit card breaches, the credit card industry has
formed a council called the Payment Card Industry Council. This PCI
Council has developed Data Security Standards (DSS) to assure customers
that their brands, and using credit cards, are reliable and secure.
These standards include controls for handling and restricting credit
card information, computer and Internet security, and reporting of a breach
of credit card information. These standards are mandated by the
industry in order for a merchant to accept credit card payments.
To comply with the Date Security Standards, the University of Georgia has
contracted with a third party company, Trustwave. All approved merchants
must register with the TrustWave when issued an account.
Using the third party assessor site, each department will complete a
PCI Self-Assessment Questionnaire (SAQ) on an annual basis and will
be required to review and close a quarterly network vulnerability scan.
Quarterly scans need to be satisfied and closed before
the next scan is completed.
Should you find yourself
not in compliance with the approved credit/debit card policy
and procedure, you will need to complete a
Request
for Exception. All merchants are expected to
be in compliance with the approved credit/debit card policy
and procedures.
|