1 | P a g e
University Payment Card Services University of Virginia
Owner: Comptroller’s Office
Effective : June 1, 2015
Latest Revision: June 1, 2015
This procedure covers the steps a unit will follow in order to directly collect revenue by means of payment cards (debit or credit) using an authorized merchant account.
This procedure does not cover the steps a unit will follow for collecting revenue by means of payment cards; for a one-time only event, or through a vendor who collects revenue on the unit’s behalf.
Clearing project – an accounting process where funds flow in and out (are debited and credited for the same amount). The entries are usually made by Accounting Services and then the department to record bank deposits or payment card deposits that are deposited into a single University Bank account. The clearing project allows the department to then distribute the revenue to appropriate GL revenue strings. Once both side of the entry are made, the project is “cleared” of any outstanding balance.
PCI-DSS – Payment Card Industry -Data Security Standards and the family of compliance documents, PA-DSS (Payment Applications [software]), ROC (Report of
Compliance by a QSA), AOC (Attestation of Compliance through self-assessment), PTS (point of sale devices, P2PE(Point to Point Encryption) EMV and PIN Debit (Point of Sale device with electronic chip reading capacity). PCI is composed of 12 requirements that address security management of cardholder data, institutional policy, department procedure, network architecture (tracking, monitoring and testing), software design, and Point of Sale and PIN devices.
2 | P a g e
PCPC – Payment Card Process Coordinator the individual responsible for the day to day operational issues surrounding payment card processing at the University.
SAQ – Self-Assessment Questionnaire a reporting tool used to document annual PCI compliance.
PCI Coordinator Form
University of Virginia Credit Card Requirements
The Unit Department Head or Dean is responsible for:
making sure the resources are available to manage the process/event;
the accounting for payment card revenues and reconcilement:
any website requirements;
the personnel who will conduct business in a PCI compliant manner at all times;
making sure that the revenue generating activity has been approved.
PCI Coordinator and/or the Project Coordinator will serve as the point of contact and be responsible for compliance for the unit.
The University Payment Card Services department in the Office of the
Comptroller is responsible for ensuring that this procedure is necessary, reflects actual practice and supports University policy.
Review the FAQ’s on the Payment Card Website to determine if a merchant account is appropriate for the unit’s needs and supportable by the unit.
3 | P a g e
Review the Payment Card Account Application to become familiar with the account requirements.
If the project involves a new source of revenue or the sale of real property, review the policies on Revenue Generating Activities and Collecting,
Reporting and Remitting VA Sales Tax before proceeding. The revenue stream must be approved before a merchant account can be established.
Contact Payment Card Services and schedule an assessment meeting.
Who should attend: i.
The project coordinator, ii.
Fiscal administrator for the unit, iii.
Web designer, if an ecommerce project.
Submit the application .
Assign a PCI Coordinator who will serve as the primary contact for the department and the resident PCI expert for your environment.
If ecommerce, develop web pages which comply with the University’s processor’s (ELAVON) Web Site Requirements to be disclosed on “landing page” where the PAY NOW button resides.
Work closely with the PCPC on training, access to reporting systems and setup.
Review appropriate PCI SAQ on compliance (annual submission).
Complete PCI Departmental training and sign the Confidentiality
Agreement (annual PCI Requirement).
Develop “Desktop Procedures” (annual PCI Requirement).
4 | P a g e
Schedule training with the PCPC on making GL entries when clearing projects are used for posting payment card revenue.
Schedule training with the PCPC on reconciliation of either the clearing projects and/or the revenue project(s).
PCI Coordinator must complete on-line and classroom training. Contract the ( PCPC ) for details.
End of Activity