Payment Card Processing

I. Policy Statement

Syracuse University is committed to ensuring that it is in compliance with all applicable laws and regulations related to the use of payment cards on its campus.

This Policy sets forth standards for University Departments to accept and process payments from third-party merchants, vendors, or contractors (collectively, “Third Parties”) by credit card, debit card, or any other card or device other than cash or check (collectively, “Payment Cards”)

II. Reason for Policy/Purpose

The University is subject to certain Federal, State, and industry rules, regulations, and contractual provisions regarding the processing and handling of Payment Cards and the data associated with those Cards.  The aim of this Policy is to ensure compliance with those rules, regulations, and contractual provisions, and to ensure the control, integrity, and security of specific Payment Card data.

III. Policy

     A.  Payment Card Processing Approval Required

All Payment Card processing activities at the University require approval of the Office of the Treasurer.  University Departments shall not process Payment Cards under any circumstances without the required approvals.

University Departments shall not sign any contracts or enter into any agreements involving Payment Card processing with Third Parties, or purchase related equipment or software, without approval from the Office of the Treasurer. University Departments shall not set up their own banking relationships for
Payment Card processing.

     B.  Payment Card Processing Standards and Security Measures

In order for the University to accept Payment Cards as a form of payment for any of its services, the University and its Departments must comply with the Payment Card Industry’s Data Security Standard (“PCI DSS”). The PCI DSS can be found on the University Information Technology Services (“ITS”) website
at http://its.syr.edu/infosec/standards.html.

All known or suspected security incidents involving Payment Cards and Payment Card data, such as theft of such data, must be reported immediately to ITS and the Office of the Treasurer.

     C.  Employee Requirements

All new employees who will be processing Payment Cards in the scope of their University positions are required to have a background check performed as part of the hiring process.  Non-permanent employees (i.e., temporary employees, student employees, volunteers) who will be processing Payment Cards are required to execute a confidentiality agreement.

     D.  Transaction Fees

University Departments are responsible for the Payment Card processing transaction fees incurred as a result of their processing activities.

IV. To Whom Does This Policy Apply

Select all that apply:

☒  Students     ☒  Faculty     ☒  Staff      ☐  Visitors/General Public     ☒  Other – Temporary Personnel and Volunteers ☒  Other – Third-Party Service Providers

V. Appendices (as applicable)

      A.  Procedures

University Departments are required to complete the necessary application forms and questionnaires to request approval to accept and process payments by Payment Cards. The standard forms and questionnaires, together with instructions for their use, are available from the Office of the Treasurer and online at http://treasurer.syr.edu.

Background checks for new employees may be coordinated through Human Resources.  Non-Disclosure Agreements (NDA) for temporary employees who will be processing Payment Cards are available from the Office of the Treasurer and online at http://treasurer.syr.edu.

     B.  Definitions

Payment Card – The term “Payment Card” as used in this Policy refers to credit cards, debit cards, or any other card or device other than cash or check.

Payment Card Industry Data Security Standard (“PCI DSS”) – The term “Payment Card Industry Data Security Standard” or “PCI DSS” as used in this Policy refers to security standards developed by major Payment Card issuers to protect Payment Card data.  The PCI DSS standards must be adopted by all merchants, organizations, and entities that accept and process Payment Cards.

Third Parties – The term “Third Parties” as used in this Policy refers to outside merchants, vendors, contractors, or other parties who pay the University or University Departments for services.

     C.  Forms

The application for Payment Card processing is available from the Office of the Treasurer.

Non-disclosure agreements (NDA) for temporary employees are available from the Office of the Treasurer.

     D.  Other Related Policies and Documents

     E.  Frequently Asked Questions

What is a Payment Card?
A payment card refers to a credit card or debit card branded with the MasterCard, Visa, Discover or American Express logo.

What is PCI-DSS?
Payment Card Industry Data Security and Standard which is a set of rules developed by the card brands to create a secure environment and
protection for the cardholders.

How to I begin accepting Payment Cards?
Go to http://treasurer.syr.edu and follow the instructions.