It is very important that all credit card information be safeguarded. Safeguarding credit card information is vital to ensure compliance with听.听All departments that collect credit card payments must ensure all staff members adhere to these standards.
Currently the University accepts MasterCard, Visa, Discover, & American Express for departmental charges.
Before a department may accept credit card payment transactions for University-approved events, a听merchant account听must be established.
If you have any questions about this process, please contact the PCI Compliance Specialist at听pci@odu.edu.
TouchNet is the platform used for online storefronts which accept electronic payment on behalf of 香港六合彩资料. Before a department may accept credit card payment transactions for University-approved events or services, a听merchant account听must be established. The forms required to initiate this process are listed below. Please review our听TouchNet Best Practices Guide听got guidance and assistance.
For more information on the TouchNet, please contact our听PCI Compliance Specialist.
香港六合彩资料 Merchant Establishment Form
Before any department may accept credit card payment transactions, a merchant account must be established. To do so, please submit a complete听香港六合彩资料 Merchant Establishment Form听at least 30 days prior to the desired date the department will begin accepting card payments.
Please Note: This form must be signed by a Department Budget Unit Director.
香港六合彩资料 Merchant ID Request Form
After a department has been approved as a merchant by the University Controller, the department must then submit an听香港六合彩资料 Merchant ID Request Form听to identify specific banking and account information about the merchant account so that an account number can be requested from the University's merchant services provider, Bank of America. University policies and guidelines apply to all merchant departments.
Please Note: This form must be signed by a Department Budget Unit Director.
TouchNet User Request Form
All merchant departments requiring an online uStore must submit a听TouchNet User Request Form听to be approved by the Office of Finance.听This form must be signed by a supervisor.
Please Note:听Departments must check the boxes below "Marketplace Roles" to agree to notify ITS and the Office of Finance if the department is selling taxable items, if the department will be shipping the items, and/or if the request is a change request.
If you collect Credit Card Payments on behalf of 香港六合彩资料, you are听required听to complete the PCI Training annually. Please contact the 香港六合彩资料 PCI Compliance Specialist/Designee at听pci@odu.edu听for Payment Card Training.
Contact our听听with any questions.
The听听was developed by the PCI Security Standards Council to enhance cardholder data security and provide baseline technical and operational requirements to protect account data. It was created by the PCI Security Standards Council (PCI SSC), which is comprised of the five major credit card brands (American Express, Discover, JCB International, Mastercard, and Visa). 香港六合彩资料 is committed to these standards.
All employees of the University who are involved in the accepting, processing, or reconciling of payment card transactions are required to comply with all payment card security guidelines.听For more information, please visit the听
香港六合彩资料 merchants accept Mastercard, Visa, American Express, and Discover for departmental charges. All 香港六合彩资料 employees accepting, processing, or reconciling online or in-person payment card payments from these major card companies must follow PCI Compliance Requirements as distributed by the Office of Finance听PCI Compliance Specialist.听All employees must complete the听听before handling credit card data.
The requirements are specific and may vary per each merchant department. Merchant departments must work with our PCI Complaince Specialist to determine their specific compliance responsibilities. All employees within each department responsible for accepting online or in-person payment card paymentsmust complete and submit any additional required forms. The original forms are reviewed annually and must remain readily availabile within each merchant department.
Please contact the听PCI Compliance Specialist听with any questions or to obtain a copy of PCI Compliance Requirements for your department.
- Any organization that is processing credit or credit cards
- Employees who handle payment card data in preson at the point of sale, through mail orders, telephone orders, or online via an e-commerce website
- All employee(s) who receive or transmit cardholder data physically on a paper form or electronically on an e-commerce site
- Employee(s) that utilize a system that processes or stores cardholder data
- Employee(s) that use a device connected to other systems that process or store cardholder data
The outcome of PCI non-compliance will severely impact the University and its Stakeholders. The incident will have the following result:
- If a breach occurs and the merchant or 香港六合彩资料 is found to be non-compliant, the individual card brands can assess fines up to $500,000 per breach.
- 香港六合彩资料 will be responsible for notifying all victims. And the card brands may require the University to pay card replacement costs or reimburse all fraudulent purchases.
- A forensic investigation may be required and conducted by a PCI-approved firm.
- The card brand may require 香港六合彩资料 to validate as a Level 1 merchant, which brings increased assessment requirements and costs. In addition, the monthly fee per department will vary on the volume of transactions per year.
- The card brands can also remove 香港六合彩资料's ability to accept and process cards or charge higher processing fees.
- The reputational damage and loss of trust from customers who may not want to do business with the University again due to lack of security will devastate our industry.
The PCI DSS rules and regulations are mandatory for all merchants and employees with access to cardholder data. Therefore, compliance at 香港六合彩资料 is compulsory and must be administered and adhered to daily. If a merchant or employee (s) violates the PCI DSS rules, the Controller's Office may terminate the department's merchant account.
香港六合彩资料 Visitor's Log
All merchant departments that have payment card terminals are required to keep a current听Visitor Log听with the terminal, which is used to maintain a physical audit trail of visitor activity to the facility where cardholder data is transmitted.
香港六合彩资料 Daily Use/Tamper Log
All merchant departments with payment card terminals are required to protect these devices and to physically inspect them for tampering or device substitution with听this form.
Clover Role & Designation Form
All Merchants that have employees that require access to their department's Clover Flex terminal must submit this form, which assists the PCI Compliance Specialist in assigning individuals access to the department's Clover Flex.听This form must be signed by a supervisor.
At the end of every calendar year, PCI DSS requires the Office of Finance to collect Self-Assessment Questionnaires (SAQs) from each merchant on campus. The SAQs may be found on the听听website.
Bank of America and CampusGuard representatives notifies the Office of Finance about SAQ specifics, due dates, and completion requirements. The PCI Compliance Specialist will be in touch with each merchant department with these specifics annually.
All cashiering transactions performed by University departments must be processed through the Cashiering Office in the Office of Finance. Departments responsible for collecting money must adhere to all applicable state and University policies and procedures.
Please visit our听Departmental Deposit听page for requirements and details on reconciliation reporting and revenue deposits.
Identity Theft Information
A Red Flag is a transaction that a reasonable person should suspect that they may be interacting with an individual using someone else's identity. Learn how to protect yourself and others from crime.