Credit/Debit Card Processing

Departments of the University of Georgia, if approved, may accept credit/debit card for payment of services rendered and goods sold. Each unit's needs will determine what cards (American Express, Discover, MasterCard, and Visa) are accepted for payment.

Any authorized University unit wishing to accept credit/debit cards as a form of payment should contact the Bursar's Office. You will be required to complete a Merchant Application for approval. If you are considering using a 3rd party vendor or 3rd party software application, you must complete the 3rd Party Vendor Application as well. Approval should be granted prior to signing any agreements or purchasing such software.

Once a unit is authorized to accept credit/debit cards, the unit will follow routine procedures to send a standard Credit/Debit Card Transmittal Form to the Bursar's Office so that the sales revenue can be recorded in the University Accounting System. The accepting unit must also transmit their sales electronically to the bank's processing center on a daily basis. Transmittal forms summarizing the electronically transmitted sales should be sent to the Bursar's Office by either fax (706-542-3959) or email (bursar@uga.edu) immediately after the electronic transmission has been confirmed by the bank's processing center.

As a result from credit card breaches, the credit card industry has formed a council called the Payment Card Industry Council. This PCI Council has developed Data Security Standards (DSS) to assure customers that their brands, and using credit cards, are reliable and secure. These standards include controls for handling and restricting credit card information, computer and Internet security, and reporting of a breach of credit card information. These standards are mandated by the industry in order for a merchant to accept credit card payments.

To comply with the Date Security Standards, the University of Georgia has contracted with a third party company, Trustwave.  All approved merchants must register with the TrustWave when issued an account. Using the third party assessor site, each department will complete a PCI Self-Assessment Questionnaire (SAQ) on an annual basis and will be required to review and close a quarterly network vulnerability scan. Quarterly scans need to be satisfied and closed before the next scan is completed.

Should you find yourself not in compliance with the approved credit/debit card policy and procedure, you will need to complete a Request for Exception. All merchants are expected to be in compliance with the approved credit/debit card policy and procedures.