In order to accept payment cards in return for their goods/services, departments (merchants) must
first be an Approved Revenue Producing Activity (RPA) in accordance with Policy VI-121. You should also make sure that you are in compliance with Policy VI-120 Processing Revenue. You will need to submit a Departmental Request to Process Payment Cards application and sign and return a Merchant Agreement. Upon receipt of these, Payment Card Services will arrange for you to process VISA, MasterCard, Discover, American Express, JCB, and Debit cards. It will take approximately three weeks for ID numbers to be verified and to obtain the equipment as needed. Treasury will create a SharePoint folder for the merchant to upload required documents to complete the set-up process. A training session for you and your staff with Payment Card Services will then be scheduled. The training will take approximately 1 to 1-1/2 hours and the time will be coordinated to meet everyone's needs.
As a new Merchant you will be required to purchase Treasury approved equipment which consists of a terminal. A pin pad is only required if you plan on accepting debit cards processed as PIN Debits. If you experience problems with your equipment, please contact Chase Paymentech. They will assess the problem and if necessary replace the equipment. There is a reduced charge for replacement equipment if the malfunctioning equipment is returned to Chase Paymentech in a timely manner, otherwise you will be charged the full price of the terminal. Supplies (terminal paper) and signage (card type logo stickers) are free of charge if ordered through Payment Card Services. Current Equipment Price List.Data Security
The increased responsibility of accepting payment cards requires every merchant to be very careful in handling transaction data. Specifically, when maintaining or storing customers card numbers, it must be done in a secure fashion. Payment Card Industry Data Security Standards (PCI DSS) pertain to ALL transactions whether initiated via the telephone, over the counter, mail order, Internet, etc.
There are very specific guidelines and requirements regarding university data management and security that have been developed by the University Information Policy Office. These guidelines can be found on the web at http://datamgmt.iu.edu/.
Indiana University policy prohibits storage of credit card numbers in any database, computer, or LAN system. Transferring credit card numbers via unsecured channels (ex: email, unsecured fax, campus mail, etc.) is also prohibited.
Contact Payment Card Services