[ Cash Management ]
Credit Card Processing
The Treasurer’s office is responsible for issuing credit card merchant accounts and for overseeing policies and procedures regarding payment processing. All credit card processing arrangements require the approval of the Treasurer's Office. The University has contracts with
Bank of America for Visa/ MasterCard/Discover, and American Express for credit card acceptance. The University contracts with CyberSource for secure web payments. These are the only University approved vendors. Any relationship with other vendors must be approved by the Director of PCI Compliance and Merchant Card Programs. Contact the department of Cash Management for assistance with other vendors.
Determining the need for a Merchant Account
Almost all schools and centers accept payments for a variety of transactions including registration and application fees, memberships, dues, sales, donations, meeting and conference fees, etc. In order to accept credit cards as a form of payment, schools and or centers must obtain merchant accounts through the Treasurer’s Office.
Before applying for a merchant account you should consider the following:
- Purpose of the account
- Anticipated dollar volume
- Average transaction amount
- How often will transaction occur (year-round, during the school year or limited occasions).
For limited or one-time conferences, meetings or events please contact Conference Services who can provide credit card acceptance services without the need to open an individual merchant account.
Payment Card Industry (“PCI”) Compliance
The Payment Card Industry (including VISA, Master Card, American Express and other major credit card issuers) have developed stringent standards to protect card data. These standards can be found at https://www.pcisecuritystandards.org/ along with annual self assessment questionnaires. To review the University’s policy on PCI compliance, see: http://www.finance.upenn.edu/vpfinance/fpm/2000/2000_pdf/2006.pdf. Every University member that is involved in processing credit card transactions must be familiar with the PCI standards, as well as the University’s policy on PCI compliance. Once a merchant account is assigned, login credentials will be sent for the online SAQ (Self-Assessment Questionnaire) portal, NAVIS found at https://idp.coalfire.com/account/signin. You are required to log in, complete the environment survey and complete and update the controls on an annual basis or whenever merchant card processes change. Failure in compliance can result in suspension of merchant accounts as well as any fees resulting from non-compliance.
Obtaining a Merchant Account
It takes approximately 4 weeks for merchant account numbers to be assigned. To obtain a merchant account, complete the Merchant Account Request Form (MAR) which is available at http://www.finance.upenn.edu/treasurer/forms/, on the web.
ATTN: Director of PCI Compliance
& Merchant Card Programs
3451 Walnut Street
737 Franklin Building
Philadelphia, PA 19104-6205
Upon approval, the Treasurer’s Office will obtain merchant account numbers for the requested credit card types. These numbers are then sent to
Bank of America to assign and affiliate them to the Visa/MC merchant number. Once complete, login credentials and instructions are sent to the Account Manager to setup the new account with CyberSource, our gateway processor. http://www.cybersource.com/support_center/
There are transaction and service fees associated with processing credit cards as well as set-up and monthly fees for on-line merchant accounts. Credit card fees can be obtained by contacting the department of Cash Management.