The Office of Treasury Operations oversees the University's credit card operations and has developed guidelines for campus merchants who wish to accept credit cards as payment for goods and services. This section addresses Payment Card Industry (PCI) Compliance, the University's Cardholder Data Security Policy, establishing a campus merchant ID, as well as the nuances of credit card processing on AU's campus.
The Payment Card Industry (PCI) has adopted security standards that mandate the proper handling, processing, and storing of cardholder data as it relates to credit card acceptance. These standards were developed by VISA, MasterCard, Discover, and American Express for merchants who accept their cards as forms of payment. In turn, the standards are enforced by these entities to protect payment card users from identity thieves and other information security vulnerabilities. PCI Compliance applies to e-commerce, mail/telephone order, and card-present transactions.
Credit Card Policy
The Offices of Treasury Operations and Information Technology have partnered to achieve and maintain credit card acceptance compliance at American University. In connection with this effort, a University Policy governing cardholder data security has been created to assist our community with safeguarding this sensitive information. The policy includes everything that a university merchant needs to know about handling, processing, storing, and disposing of cardholder data. Adherence to this policy is mandatory for all employees of AU that wish to accept credit cards on behalf of their department. Please view the AU Cardholder Data Security Policy below:
Card Acceptance Options
There are a few different card acceptance options that can be provided to American University departments. Network installable point-of-sale (POS) devices are available for instances where credit cards will be accepted over the phone or in person. The university can also procure PCI approved mobile POS machines for departments that need to be able to accept payments wirelessly. Additionally, in most instances, AU’s credit card processor can create stand-alone payment webpages for credit card acceptance in an e-commerce fashion. For more information on card acceptance options, please contact Tyler Catalani, email@example.com.
As an organization that accepts payments via credit card, American University is required to adhere to the ever-evolving PCI compliance standards. This means that it is incumbent upon the individual university departments that accept credit cards to adhere to the standards set forth by the Payment Card Industry. Failure to comply could result in fines and/or suspension of credit card privileges by any or all of the credit card brands.
Departments wishing to accept credit cards as payment for goods and services must complete the Payment Activity Acceptance Clarification (PAAC) form to request a new merchant ID. Upon review and approval by the PCI Review Committee, a Merchant ID will be assigned. All credit card users will also be required to sign a confidentiality agreement.
Setup costs related to credit card processing include the cost of the point-of-sale (POS) terminal or other device as well as any OIT data line installation fees. For an estimate of specific costs related to the purchase of new or additional POS machines, please contact Tyler Catalani, firstname.lastname@example.org.
The Office of Treasury Operations will assist in the installation of hardware or software and provide initial training on use of the devices. PCI also mandates that the University provide annual security awareness training to individuals who handle sensitive cardholder data as part of their normal job function. This training is available through AsuccessfulU.