3031.A Open and Manage an Internet Storefront Merchant Account Procedure

Procedure # 3031.A; Rev.: 2.12.20 (Effective January 1, 2020)
Related Policy: UW-3031 Payment Card Merchant Services and PCI Compliance Policy 
Functional Owner: Cash Management, Business Services
Contact: PCI Mailbox: pci-help@bussvc.wisc.edu


Contents

  1. Procedure statement
  2. Who is affected by this procedure
  3. Procedure
  4. Definitions
  5. Related references
  6. Revisions

I. Procedure statement

The University of Wisconsin–Madison can accept payment cards from customers to pay for goods and services. An Internet storefront is a method of accepting e-commerce payment transactions via a website.



II. Who is affected by this procedure

This procedure applies to all UW–Madison departments that accept payment cards online. This procedure should be understood by all Divisional Business Representatives (DBRs), Site Managers, and Operators of the merchant accounts.



III. Procedure

Below are the steps for opening an internet storefront merchant account:

  1. Complete and submit the Card Merchant ID Request Form.
    1. The DBR must approve the new merchant account.
      1. The DBR will receive an email upon completion of the Card Merchant ID Request Form. The DBR should then sign into the portal to approve the request.
    2. The DBR should determine which card brands the new merchant will accept.
      1. The standard setup for a new merchant account includes MasterCard, Visa, and Discover. Should the department choose to accept American Express cards, an additional reconciliation and an additional connection are required.
  2. Cash Management will review the submitted Card Merchant ID Request Form and contact the Site Manager to facilitate setting up CASHNet and Merchant Connect.
    1. Each person who will log in to CASHNet and Merchant Connect must have a unique operator ID.
    2. The department should provide a logo for the checkout page.
  3. The PCI Site Manager must establish card handling procedures and a contingency plan for processing transactions should the primary system be unavailable. Once complete, these policies and procedures shall be emailed to Cash Management (pci-help@bussvc.wisc.edu).
  4. The PCI Compliance Assistance Team and Elavon will review the website that is being used and ensure that it directs customers to CASHNet for payment. The hosting location must be determined and approved before the Merchant ID (MID) goes into production.
  5. Cash Management will schedule a PCI site visit with the Site Manager once a MID is assigned by Elavon. During the PCI site visit, Cash Management will review the department business policies and procedures and assist with completing the Self-Assessment Questionnaire (SAQ).
  6. Cash Management, or a specific DoIT staff member, will activate the MID within CASHNet after the PCI site visit. Once the MID is in production in CASHNet, the storefront website may be used by customers.
  7. The PCI Site Manager must track all live websites in use that redirect to the payment page. Contact pci-help@bussvc.wisc.edu to close the websites that are no longer used for payment.

Merchant account fees

Any fees associated with the acceptance of payment cards in a campus department will be charged to the related merchant on a monthly basis. These fees can be seen in WISER/WISDM once they have been posted. Expenses may include a monthly account maintenance fee of $5.00, Elavon processing fees of approximately 2% of each transaction, and $7.50 for chargeback fees. American Express charges a fee of 2.1% of each transaction.



IV. Definitions

  • Campus Merchant Department – Manages the daily operations of the merchant account(s) and maintains PCI compliance.
  • CASHNet – A third-party, e-commerce service provider contracted by the University of Wisconsin that is used to process credit card payments.
  • Divisional Business Representative (DBR) – An individual within the dean or divisional office. This individual has the highest level of PCI responsibility including approving the initial merchant account request and annually reviewing the SAQ as the executive officer.
  • Merchant Connect (MCP) – An online tool from Elavon, the credit card processor, which displays transaction activity and monthly statements.
  • Site Manager – This individual is the point of contact for the campus department merchant account(s) and should have influence to establish procedures for the day-to-day handling of payment cards to ensure compliance.



V. Related references



VI. Revisions

Procedure Number: 3031.A
Date Approved: January 1, 2020
Revision Dates: Jan. 19, 2021 – Changed Procedure Number to 3031.A from 404.A
