[ Cash and Liability Management ]
Credit Card Processing
All credit card processing arrangements require the approval of the Treasurer's Office.
The University has contracts with ChasePaymentech
(for Visa/ MasterCard), American Express, and Discover
for credit card acceptance. The University contracts
with PayPal (formerly Verisign) for secure web payments.
These are the only University approved vendors. Any
relationship with other vendors must be approved by the
Vice President for Finance. Contact Helen Kreider (hkreider@pobox.upenn.edu)
for assistance with other vendors.
Determining the need for a Merchant Account
Almost all schools and centers accept payments for a variety of transactions including registration
and application fees, memberships, dues, sales, donations, meeting and conference fees, etc.
In order to accept credit cards as a form of payment a school or center must either obtain a merchant
account through the Treasurer’s office or use a third party that accepts credit card transactions.
Before applying for a merchant account you should determine whether you actually need one.
Factors to consider include the purpose of the account, anticipated dollar volume, average transaction
amount and whether transactions will be made year-round, during the school year or on limited occasions.
For limited or one-time conferences, meetings or events please contact
Conference Services who can
provide credit card acceptance services without the need to open an individual merchant account.
Payment Card Industry (“PCI”) Compliance
The Payment Card Industry (including VISA, Master Card, American Express and other major credit card issuers) have developed stringent standards to protect card data. These standards can be found at https://www.pcisecuritystandards.org/ along with annual self assessment questionnaires. To review the University’s policy on PCI compliance, see: http://www.finance.upenn.edu/vpfinance/fpm/2000/2006.asp . Every University member that is involved in processing credit card transactions must be familiar with the PCI standards, as well as the University’s policy on PCI compliance and must complete and sign the Confidentiality/Non-Disclosure form which can be found at: http://www.finance.upenn.edu/treasurer/info/PCI_confidentiality_form.pdf. Senior Business Officers are responsible to ensure that completed and signed Confidentiality/Non-Disclosure forms are kept on file locally in their School/Center.
Obtaining a Merchant Account
The first step in obtaining a merchant account is to
fill out a Merchant Account Request (“MAR”) form which
is available at
http://www.finance.upenn.edu/treasuer/forms on the
web. The form must be signed by the requestor and the
school/ center’s senior business administrator. Send the
signed hard copy and an email copy to the Treasurer’s
office to the attention of Jeff McCray (jmccray@pobox.upenn.edu),
3451 Walnut Street, 737 Franklin Building, Philadelphia,
PA 19104-6205.
Upon approval, the Treasurer’s Office will contact
American Express and Discover to obtain merchant numbers
for the account. These numbers are then sent to
ChasePaymentech who assigns a Visa/ MC merchant number
and affiliates these merchant numbers. It takes
approximately 4 weeks for merchant account numbers to be
assigned.
Managing a Merchant Account
All credit card payments/fees are credited/charged to
a centralized University bank account. There is a daily
ledger interface that automates the distribution of
payments to departmental accounts. The main merchant
number is used to identify University departments. Your
budget is credited/charged to the G/L numbers you
specified on the Merchant Account Request Form.
Each department is responsible for reconciling their
credit card activity monthly. You will receive a monthly
merchant account statement for Paymentech with credit
card activity for all credit cards. You will also
receive monthly statements from AMEX and Discover.
Detailed transaction statements from Paymentech,
American Express and Discover can be viewed on-line.
Contact Jeff McCray (jmccray@pobox.upenn.edu)
if you need on line access. Review your statements for
accuracy. Additionally, you must verify that all
activity from the merchant account statement is
reflected in your budget. Please note there will be a
two-day delay between processing VISA/MC activity and
posting. There will generally be a four-day delay
between processing Discover and American Express
activity and posting.To facilitate reconciling card
transactions it is suggested that you assign different
CREF’s to Visa/MC, American Express and Discover.
Fees
There are transaction and service fees associated with
processing credit cards as well as set-up and monthly
fees for on-line merchant accounts. Credit card fees can
be obtained by contacting Jeff McCray (jmccray@pobox.upenn.edu)
PayPal -Web Payment Processor
PayPal has two web payment process products: Payflow
Link and Payflow Pro. Payflow Link is the only
authorized product..
PayPal authenticates billing addresses, stores
credit card payment information, and provides reporting
tools to access the payment information. Credit card
numbers for web payments may not be stored on any Penn
server. All departments using web credit card processing
should review the Penn security guidelines Security
Standards for Web- based Applications with Sensitive
Data at
http://www.upenn.edu/computing/security/standards/wwwsec.html.
For information on how to use PayPal web payment
processor please reference the following sections:
Getting Started This section describes the "how-to" steps for getting started with web credit card payments.
Payflow Link utilizes generic web forms that have
been developed by PayPal. All of the web forms/pages
that are needed for the authorization and payment
process are PayPal-hosted. They are immediately
available and no new forms need to be designed and
developed. You just cut and paste the supplied HTML
code into your web site and it is payment-enabled.
Some items on the PayPal web forms can be
personalized. You can define:
- Title area at the top of all payment forms
contains the specified name; a logo is allowed.
- Page contents can be centered or left
justified
- Color and image configuration is available
- Order Confirmation Page can contain your
defined header and footer
- EMAIL options for notification back to the
merchant and customer are available
- List the domain names (e.g. www.upenn.edu)
from which orders can be accepted; if the
Payflow Link transaction did not originate from
this domain it will be rejected
Additional information about basic features can
be found at
https://www.paypal.com
1.
Request a Web Merchant Account
Be sure to include a
functional URL on the Merchant Account Request form, your application can not be
processed without a secure web address that can be viewed by the credit card
companies. Also provide the Treasurer’s office with the name of the
department’s IT contact that will be setting up the web page.
2. PayPal Registration
The Treasurer's Office will complete the
PayPal registration upon receipt via e-mail of
the web Merchant Account Request Form. A
Username/Password will be forwarded to the
requestor. The Username/Password is required
before the IT contact can begin web application
testing.
3. Configure/Download PayPal Software
For Payflow Link, logon to PayPal Manager
using the Username/Password obtained in Step 2.
Complete the PayPal preference form. This will
designate options such as colors, title/heading,
Email notifications, etc. There is no software
to be downloaded; refer to the PayPal Getting
Started Guide. Add the PayPal links to your
web page and you are ready to test.
4. Install/Test PayPal Software
5. Ready to Go Live?
The Treasurer's Office will notify the
requestor when the web Merchant Account has been
set up. The PayPal web payments can go live any
time thereafter.
The Treasurer's office activates the Go-Live
option at PayPal as specified by the requestor.
A few days prior to your actual GO-LIVE date,
EMAIL the GO-LIVE date and time request to
jmccray@pobox.upenn.edu. The requestor's
PayPal account information will be changed from
a test status to a go-live status. The actual
GO-LIVE process takes only a few minutes and is
immediately effective. You will receive your
production Merchant Account number when the
GO-LIVE status is activated.
User Guides and Manuals
PayPal has developer and user guides available. They
can be viewed on the web or printed using Adobe Acrobat.
If you currently have an active User ID name and
password:
Logon to Payflow Manager at
https://manager.paypal.com.Enter Partner Name, Login and Password
Click on Downloads (at top of page)
Select User Guide of choice (view using Adobe Acrobat)
If you have not yet registered for your User ID and
password, Product User Guides are available from the
Treasurer’s office.
PayPal Manager
This is a PayPal web application which allows you to
manage your transactions, print reports, download
software, modify your account information, enter your
Payflow Link options, etc. Everyone who will be working
with the web payment process (both programmers and BAs)
should read this User Guide.
Payflow Link
The Payflow Link User’s guide is targeted to assist
the programmer with the software implementation. Large
portions of it are also useful for non-programming
staff. This is a guide that everyone can understand. It
contains such things as
- glossary of payment processing terms
- frequently asked questions
- fields stored in the PayPal database
- response codes returned, etc
Reporting & Transaction Processing
All reporting and transaction processing, such
as voids and refunds, are done over the web using PayPal
Manager. To access the PayPal Manager application:
Logon to Payflow Manager at
https://manager.paypal.com
Enter Partner Name, Login and Password Click: Login
The functions within PayPal Manager are:
-
Account Info
-
Security
-
Search Utilities
-
Transaction Terminal
-
Reports
-
Downloads
-
Help
The PayPal documentation provides the best
information on how to process payments and use the
available report options. Refer to the section on User
Guides and Manuals to learn how to locate the PayPal
Manager documentation.
Usage Guidelines
This section provides guidelines for the
use of PayPal web payments at the University.
-
Address Verification
-
Secure Web Site
Address Verification
Address Verification is required in all
web applications using PayPal software for credit card
payment processing.
-
Address Verification enables the
University to guarantee that each transaction is
eligible for a reduced rate. A reduced rate for
'Card Not Present' with Address Verification is
offered by Visa & Master Card. Ultimately Address
Verification reduces University expense.
-
Address Verification was an identified
requirement for the selection of web credit card
software. Vendors were excluded from selection based
solely upon the fact that Address Verification was
not part of their payment processing. The issue of
fraud and how to safeguard the University was an
important question. Even though Address Verification
will not detect all possible fraud, it is an
important function. The University must utilize the
opportunity to avoid fraud whenever possible.
-
Address Verification is automatically
included in the Payflow Link HTML software.
Secure Web Site
All transactions must be processed over a
secure web site. Chase/Paymentech, American Express, and
Discover will access and verify the web site URL before
issuing an internet merchant account. |