Effective Date: January 1, 2020
Related Policy: UW-3031 Credit Card Merchant Services and PCI Compliance Policy
Functional Owner: Cash Management, Business Services
Contact: PCI Mailbox: email@example.com
I. Procedure Statement
II. Who is Affected by this Procedure
V. Related References
I. Procedure statement
The University of Wisconsin-Madison can accept payment card payments from customers to pay for goods and services. A payment card device, such as an EMV chip or swipe machine, is a method of processing these payments in-person, over-the-phone, or via fax communication.
II. Who is affected by this procedure
This procedure applies to all UW-Madison departments that accept payment cards via a payment card device. This procedure should be understood by all Divisional Business Representatives (DBRs), Site Managers, and Operators of the merchant accounts.
Below are the steps for opening a merchant account that uses an EMV chip or swipe machine:
- Complete and submit the Card Merchant ID Request Form.
- The DBR must approve the new merchant account.
- The DBR will receive an email upon completion of the Card Merchant ID Request Form. The DBR should then sign into the portal to approve the request.
- The DBR should determine which card brands the new merchant will accept.
- The standard set up for a new merchant account includes MasterCard, Visa, and Discover. Should the department decide to choose to accept American Express cards, an additional reconciliation and an additional connection is required.
- The DBR must approve the new merchant account.
- Cash Management will review the submitted Card Merchant ID Request Form and contact the Site Manager to facilitate setting up Merchant Connect.
- Cash Management will provide information on payment card machines, including pricing information. Standalone payment card machines will ship directly from Elavon to the campus department. The cost of the new payment card machine will be charged to the merchant account.
- Each person that will log into Merchant Connect must have a unique operator ID.
- The PCI Site Manager must establish card handling procedures and a contingency plan for processing transactions should the primary system be unavailable. Once complete, these policies and procedures shall be submitted to Cash Management via e-mail (firstname.lastname@example.org).
- Cash Management will schedule a PCI site visit with the Site Manager once a Merchant ID (MID) is assigned by Elavon. During the PCI site visit, Cash Management will review the department business policies and procedures and assist with completing the Self-Assessment Questionnaire (SAQ).
- When the equipment arrives, verify the machine has the correct address, merchant name, and MID on the machine when it is turned on.
- Record the serial number and manufacturing information at https://charge.wisc.edu/users.
- Call Elavon Training at (866) 451-4007 to schedule a training on how to use the payment card machine and transaction settlement. Note that the payment card machine will not auto settle unless the machine is turned on.
- The campus department must make a sticker to place on the terminal containing this information:
- Equipment problems Relationship Premier Services: (800) 725-1245
- Supplies such as thermal paper call Customer Service Center: (800) 725-1243
- Elavon Training: (866) 451-4007
Merchant account fees
Any fees associated with the acceptance of payment cards in a campus department will be charged to the related merchant on a monthly basis. These fees can be seen in WISER once they have been posted. Expenses may include a monthly account maintenance fee of $5.00, Elavon processing fees of approximately 2% of each transaction, and $7.50 for chargeback fees. American Express charges a fee of 2.1% of each transaction.
Campus Merchant Department – Manage the daily operations of the merchant account(s) and maintain PCI compliance.
Divisional Business Representative (DBR) – An individual within the dean or divisional office. This individual has the highest level of PCI responsibility including approving the initial merchant account request and annually reviewing the SAQ as the executive officer.
Merchant Connect (MCP) – An online tool from Elavon, the credit card processor, which displays transaction activity and monthly statements.
Site Manager – This individual is the point of contact for the campus department merchant account(s) and should have influence to establish procedures for the day-to-day handling of payment cards to ensure compliance.
V. Related references
- UW-3031 Payment Card Merchant Services & PCI Compliance Policy
- Payment Card Industry Data Security Standards (PCI DSS)
- PCI Compliance Team (PCI-CT) Charter
- PCI DSS Quick Reference Guide v3.2
|Date Approved||January 1, 2020|
|Revision Dates||Jan. 19, 2021 – Changed Procedure Number to 3031.B from 404.B|