Managing, maintaining and making sure UW–Madison is in compliance when processing credit card transactions.
Including managing merchant accounts, using credit card machines and training on Payment Card Industry (PCI) compliance.
Requirements
There are specific requirements involved in credit card transactions, including establishing internal controls, that are detailed in UW-3031 Payment Card Merchant Services and PCI Compliance Policy.
Merchant accounts
A merchant account is a bank account enabling the holder to accept credit cards for payment. This is required to set up in order to accept credit card transactions.
This is an accordion element with a series of buttons that open and close related content panels.
Open a merchant account
All revenue producing activities which receive payments via payment card must be approved by the Division of Business Services, Accounting Services Unit, Cash Management area.
This includes any third party vendors which process credit cards on behalf of the University and submit payment via ACH or paper check. All revenue must be deposited into a UW–Madison bank account, which posts to WISDM. Gift/donation merchant accounts are handled differently.
After opening a merchant account, the campus department will be assigned a specific Merchant ID (MID).
Maintain a merchant account
Payment card transactions are mostly handled through CashNet. Merchant IDs can also be set up for transactions that don’t use CashNet, including situations where a credit card processing machine is used.
Set up or maintain a CashNet storefront
Reset a password
To reset a CashNet password, contact cashmgt@bussvc.wisc.edu or cashnet-help@bussvc.wisc.edu .
Please include the operator ID in the email message.
Close a merchant account
A merchant account can be closed:
- By the merchant choosing to close the merchant account and contacting Cash Management at pci-help@bussvc.wisc.edu.
- If there is no activity for twelve consecutive months.
It can also be closed if the department fails to comply with policy.
Consequences of failing to comply with policy
Failure to comply with policy can result in a department losing the privilege of accepting credit cards as a form payment.
- If the department fails to comply with Payment Card Industry Data Security Standards requirements. This includes maintaining a site manager, completing the required annual training and/or submitting the Self-Assessment Questionnaire.
If the merchant and PCI-Compliance Team cannot agree on the interpretation of the PCI Standards, a third party PCI Qualified Security Assessor will be consulted for final interpretation.
Using payment/credit card machines
Campus departments can make electronic payments for face-to-face/counter, mail order/telephone, or Point of Sale (POS) with use of an Europay, MasterCard, Visa (EMV) Chip or Swipe machine.
This is an accordion element with a series of buttons that open and close related content panels.
Order a new or update a payment/credit card machine
Contact Cash Management for equipment types and pricing information. Standalone payment/credit card machines will ship directly from Elavon to the department. The cost of the new machine will be charged to the merchant ID.
When the equipment arrives, verify the machine has the correct address, merchant name, and Merchant ID on the machine when it is turned on.
Payment card machine training and getting started
Call Elavon training at (866) 451-4007 to schedule a 20 minute training on how to use the payment/credit card device and transaction settlement.
- Terminal will not auto settle unless the machine is turned on.
- Record the serial number and manufacturing information.
- The merchant must make a new sticker to place on the terminal containing this information:
- Equipment problems: Relationship Premier Services (800) 725-1245 (Option 2)
- Supplies such as thermal paper call Customer Service Center at (800) 725-1243 (Option 3)
- Elavon Training: (866) 451-4007
- For POS systems contact PCI-Help@bussvc.wisc.edu
Training
This is an accordion element with a series of buttons that open and close related content panels.
Payment Card Industry (PCI) Operator Training
The PCI Site Manager and Financial Officer are required to attend an initial PCI Training session. Subsequently, each year both individuals are required to complete annual online security awareness training.
Any employee or volunteer that handles a credit card on behalf of the University is required to complete PCI Operator training annually.
The PCI Site Manager needs to annually track the completion of all PCI Operator trainings
Payment Card Industry (PCI) Site Manager/Financial Officer Training
Each year both the PCI Site Manager and the Financial Officer are required to complete annual online security awareness training.
Any employee or volunteer who handles a credit card on behalf of the University is required to complete PCI Operator training annually. See information in above panel.