All University units with merchant accounts, including all terminal IDs tied to a merchant account, are responsible for the following:

• Compliance with all merchant rules established by the credit card companies which apply to the unit
• Compliance with Payment Card Industry Data Security Standards (PCI DSS), including completion of the annual self-assessment questionnaire
• Completion of required testing of security systems, network processes, and schedule quarterly scans, if processing credit cards through a network
• Establishment of clear policies regarding returns and refunds, in compliance with University policy and merchant rules
• Notification to Security Operations and Services (SOS) of potential breaches

If any changes are made in how credit card transactions are processed (i.e. move from POS terminals to AIS eCommerce Services), a revised Credit Card Processing Merchant Request or Credit Card Processing Terminal Request must be completed. Units who no longer have a need for a merchant or terminal ID must contact the Office of Finance, through their Financial Officer, to formally terminate the merchant ID or terminal ID.

Control and Reporting

It is the responsibility of the area that accepts credit cards to assure that all credit card sales are recorded on area and University accounting records. The selling unit must establish strict internal controls and reconciliation methods to assure that credit card sales have been properly recorded on central University records.

Chargeback Procedures

A chargeback is a transaction disputed by the cardholder. There are many reasons for chargebacks, the most common being returned merchandise, terminated services, disputes, errors, or fraud. Additional information regarding chargebacks can be found in the documents entitled Understanding Chargebacks and Elavon Chargeback FAQs.