print friendly version
UCSC CREDIT CARD MERCHANT POLICY
Effective Date: 03/17/04
Last Revision Date: April 19, 2011
Credit Card Merchant Policy
I. Purpose of the Policy
Obtaining permission to operate as a UCSC credit card merchant requires a department or program to comply with a number of important criteria, which include the following:
• The business operation must be a self-sustaining activity generating significant sales volume
• The management of the operation must show that, by accepting credit cards as a means of payment, the operation materially benefits the campus
• The operation must employ appropriate financial controls in processing and accounting for credit card transactions
• The operation must comply fully with pertinent UC and UCSC policies and with all of the terms and conditions outlined in the agreement with the credit card company and Merchant Bank. Failure to comply with any policy or contractual term may result in the revocation of the authorization of a UCSC department or program to operate as a credit card merchant.
This policy incorporates provisions from a number of UC policies. In cases where a comprehensive reference is needed, the UC policy should be consulted. Where conflicts exist between this policy and UC policies, UC policies shall take precedence.
Please refer to Section III for the definitions of important terms used in this policy.
II. Detailed Policy Statement
A. General Provisions
A department or program seeking to function as a UCSC credit card merchant must meet the following eligibility requirements:
1. Self-Sustaining Activity. Activity must be primarily self-sustaining.
This means the business activity for which the department wishes to accept credit cards must generate net revenue. Activities may include such things as admission to events and facilities, the sale of merchandise, and the acceptance of payment of certain fees. The requesting department must specify the activities for which it wishes to accept credit cards as payment.
2. Sales Volume. Activity must have a significant sales volume.
This means that the business activity for which the department wishes to accept credit cards must generate a significant amount of sales. The requesting department must be able to show that sales from credit cards will exceed $10,000 annually.
3. Benefit to Campus. The acceptance of credit cards must provide a benefit to the campus that exceeds the added cost of accepting credit cards. Factors for consideration include the following:
a. Increasing revenue. The requesting department must be able to demonstrate that the additional net revenue (revenue less all costs) generated from credit card sales exceeds the additional cost incurred by accepting credit cards. All departments requesting to become a credit card merchant must meet this requirement.
b. Assuring payment. A requesting department may justify accepting credit cards on the basis that doing so reduces the amount of bad debt in an amount that exceeds the additional cost of accepting credit cards.
c. Automating payment collection. A requesting department may justify accepting credit cards on the basis that doing so reduces the cost of payment processing in an amount greater than the additional cost of accepting credit cards.
d. Providing customer service convenience. A requesting department may justify accepting credit cards on the basis that doing so provides customers with a substantially improved level of service.
B. Merchant Operating Requirements
Compliance with the following operating standards is required of all UCSC credit card merchants.
1. Financial Controls and Accountability. A merchant must ensure that every staff member involved in the credit card transaction handling and accounting process can be held individually accountable for his or her work and that the process includes adequate financial controls.
a. Accountability: A merchant’s credit card processing practices must ensure that, for the processing and accounting of any single transaction, a specific individual can be identified as being responsible for the completion of each activity of the process.
b. Separation of duties: A merchant must ensure that there is adequate separation of duties between payment processing, refund, charge- back, reconciliation, accounting, transaction monitoring, and record-keeping duties.
c. Physical security: A merchant must safeguard the equipment used to process credit card transactions from unauthorized use or tampering.
d. System security: A merchant must control access to information technology systems that are used to process and account for credit card transactions.
e. Information security: A merchant must protect cardholder information from unauthorized access and use.
f. Accounting: A merchant must ensure that accounting for credit card transactions and the collection of cash receipts from a third-party processor is accurate and timely.
g. Recordkeeping: A merchant must retain and secure all pertinent paper-based and electronic credit card transaction data and related supporting information for the period of time required by UC document retention policies and the credit card company agreement.
C. Compliance with University and Campus Policies
A UCSC merchant must comply with all UC and campus cash handling, information technology, and records management requirements related to processing credit card transactions. Please refer to Section VI for a listing of pertinent policy references. Key policy requirements include the following:
1. A merchant handling in-person transactions must purchase or lease a point of sale terminal/printer from the University’s card processor.
2. A merchant must have a dedicated analog phone line and maintain this phone line for credit card use only.
3. On a monthly basis, each merchant will be billed for merchant and equipment-related fees.
4. A merchant must balance, settle, and close their credit card terminal on a daily basis, including weekends.
5. A merchant must maintain the original sales draft for at least 30 days; a copy of the sales draft must be kept for a minimum of 7 years.
6. A merchant must process credit card payments through the processor selected by the University.
7. A merchant is responsible for ensuring employees processing credit card transactions are properly trained and knowledgeable about pertinent cash handling, accounting, information security, and recordkeeping policies.
8. A criminal background check must be performed on each employee responsible for processing credit card transactions prior to the employee being given the responsibility.
D. Compliance with Contractual Terms
A UCSC merchant must comply with all the terms and conditions included in the UC credit card company contract and service agreement
1. Cardholder signature. A credit card merchant must exercise due diligence in determining that the signature on a sales draft is the same as the authorized signature on the card.
2. Cash advances may not be processed under any circumstances.
3. Convenience fee. A merchant may not assess a convenience fee.
4. Customer option. A cardholder must be given the option of using a credit card for the payment of any good or service provided at the merchant location.
5. Deposit. A merchant may only deposit transactions belonging to that merchant’s department or program.
6. Discount fee. The merchant is responsible for paying merchant discount fee.
7. Equipment acquisition. A merchant must either purchase or rent the equipment needed to process card transactions from the university’s card processor.
8. Equipment maintenance. A merchant is responsible for the maintenance of card processing equipment.
9. Exchange and return policy. A merchant must have a fair policy for exchange and returns and give proper credit or issue credit vouchers.
10. Liability for contract breach. A merchant is responsible for payment of any costs or charges associated with violating the terms of the UC Credit Card Merchant Agreement.
11. Minimum purchase. A merchant may not establish minimum or maximum transaction purchase amounts.
12. Privacy of account information. A merchant may not sell, purchase, provide, or exchange cardholder account information in any form obtained by reason of a card transaction to any third party.
13. Privacy of cardholder information. A merchant may not record cardholder personal information on a credit card draft/ticket, such as telephone number, social security number, or driver’s license number.
14. Refunds. Approved refunds must be made by crediting the cardholder’s account.
15. Sales draft. When the cardholder is present, a sales draft must be signed by the cardholder.
16. Surcharge. A merchant may not assess a surcharge on a credit card transaction.
E. General Transaction Processing Standards
General standards for processing credit card transactions
a. A merchant must use either of the following two electronic data capture methods – Terminal Card Reader or PC Batch.
b. A merchant must prepare a campus bank deposit receipt form for each deposit and make deposits to the Cashier’s Office in accordance with UC cash handling policies.
2. Exchange and Return
a. A merchant must have a formal policy for exchanges and returns.
a. A merchant must have a formal procedure for taking corrective action on all chargebacks.
b. Rebuttals are to be completed within the number of days allowed on the chargeback notification.
4. Security of Personal Information
a. A merchant must use processing equipment that produces receipts with a truncated customer credit card account number.
b. A merchant must ensure that customer credit card data is protected from unauthorized access.
c. Any breaches in security over customer credit card data must be reported to the Campus Credit Card Coordinator.
5. Record Retention
a. Original sales drafts and all supporting documentation must be retained for at least seven years.
F. Payment Channel-Specific Processing Requirements
In addition to the general requirements outlined above, the following requirement(s) apply depending on the type of payment channel(s) employed by the merchant:
1. In-Person (Card Present)
The following additional requirement listed below applies to the acceptance of a credit card transaction conducted in-person:
a. A cardholder’s signature is required for every transaction processed.
2. Mail Or Telephone (Card not present)
The following additional requirement listed below applies to the acceptance of credit card transactions conducted over the telephone or through the mail:
a. Merchant departments cannot accept mail or telephone order drafts unless the credit card service has agreed to process them and is explicitly stated in the Merchant Agreement.
3. Kiosk Or Interactive Voice Response (IVR)
The following additional requirement applies to the acceptance of credit card transactions conducted through a kiosk or through an interactive telephone voice response system:
a. The kiosk or interactive voice response system must be reviewed and approved by the Assistant Vice Chancellor – Financial Affairs.
4. Third Party Credit Card Transaction Processor (Card not present)
The following additional requirements apply to the acceptance of credit card transactions by a third-party credit card transaction processor:
a. Use of a third-party credit card transaction processor must be reviewed and approved by the Assistant Vice Chancellor – Financial Affairs.
b. Use of a third-party credit card transaction processor must also be reviewed and approved by the UCOP Banking Services Group.
G. Review and Audit
A UCSC merchant credit card processing operation is subject to review at any time by the Office of Internal Audit or an office of Financial Affairs. The Assistant Vice Chancellor – Financial Affairs may suspend or revoke the ability of a UCSC merchant to accept credit card as a form of payment should the merchant fail to comply with any of the requirements described in this policy.
H. Procedure for Requesting Approval to Accept Credit Cards as a Means of Payment
A prospective UCSC credit card merchant must obtain written authorization from the Assistant Vice Chancellor – Financial Affairs. To obtain it, a formal request must be submitted to the Campus Credit Card Coordinator, Accounting Office. The request must include the following information and must be signed by both the department head accountable for the credit card merchant operation and the department business officer responsible for operating it:
1. Department name
2. Department building, room number, and mail stop
3. Name, voice telephone number, facsimile telephone number, and email address of the following people:
a. Department Head
b. Business Officer responsible for the departmental cashiering process
c. Department contact person
4. Names of credit cards that will be accepted (e.g. Visa, MasterCard, Discover, and/or American Express)
5. The reason(s) why the department wants to become a credit card merchant, which must, at a minimum, include the following information:
a. Description of activities generating revenue
b. Actual sales volume for the last three fiscal years and projected sales volume for the current and next two years assuming credit cards can be accepted as a means of payment
c. Estimated percentage of projected sales paid with credit cards
d. Explanation of the benefits to the campus from the department accepting credit cards as a means of payment
e. Description of the planned credit card transaction handling process, including procedures for handling refunds and chargebacks, and an explanation of the staff positions involved in the process
f. Inclusion of the following statement indicating a full understanding and acceptance of all of the terms, conditions, and policies related to being a UCSC credit card merchant:
“We understand and agree to operate the <name of department or program> credit card merchant operation in full compliance with terms and conditions described in the “UCSC Credit Card Merchant Policy.”
6. Upon review of the request by the Campus Credit Card Coordinator and the Assistant Vice Chancellor – Financial Affairs, the department head will be notified of the determination
7. Upon approval, a designated merchant department representative will work with the Campus Credit Card Coordinator and the credit card company to obtain the equipment, establish a terminal identification number, and coordinate training of departmental credit card transaction handlers
American Express and Discover Cards – charge cards issued by those companies directly to the cardholder.
Bank card – a Visa or Mastercard charge card issued by a bank that is a member of the Visa or Mastercard Association.
Card processor – a bank that processes credit card transactions on behalf of a merchant. UCSC merchants use the card processor selected by the University.Credit card – Bank, American Express, or Discover card.
Discount fees – the fees paid by the UCSC merchant accepting a credit/debit card for payment. For Visa and Mastercard, the largest component of the discount fee is interchange, which is charged by the Visa or Mastercard Associations. Interchange rates are not negotiable, as they are determined by the Associations and are based on qualification requirements of each transaction. The bank that issues a credit card to an individual receives the interchange fees.
Fee, convenience – a fee charged for the convenience of paying via an automated payment channel. A UCSC credit card merchant may not assess a convenience fee.
Fee, flat – a flat dollar amount charged, regardless of payment amount. A UCSC credit card merchant may not assess a flat fee or surcharge.
Fee, variable rate – a fee that varies based on the amount paid. May be percentage based or tiered. A UCSC credit card merchant may not assess a variable rate fee.
Merchant – a UCSC department or program accepting credit cards as a form of payment. Each UCSC merchant must have a distinct identification number (referred to as a MID) which must be established by the acquiring bank (also referred to as the merchant bank) before credit card processing can commence. The Campus Credit Card Coordinator (Accounting Office) must be involved in the establishment of all campus credit card merchants. Terminal identification numbers (TID) must be established for each merchant as the mechanism to initiate credit card transactions. TID’s must be established even if software is being used to initiate the transactions.
Merchant bank - see card processor
Payment channel – way that a payment is received. Mail (including drop boxes), in-person/over-the-counter, and telephone (interaction with a live person) are traditional payment channels. Interactive voice response (IVR), internet/web, and kiosk (web access provided on-site) are “convenient” automated payment channels.
Payment type – cash, check, Automated Clearing House (ACH) debit (sometimes referred to as electronic check), ATM debit card, or credit card.
Surcharge – a fee charged to the cardholder for paying with a credit card, whether charged separately or reflected in a higher price, that is not charged to someone paying via another payment type such as cash or check. A UCSC credit card merchant may not assess a surcharge.
IV. Getting Help
The Campus Credit Card Coordinator (Accounting Office) provides assistance to campus credit card merchants. Please consult the UCSC telephone directory or UCSC Financial Affairs website for contact information.
V. Responsibilities and Authority
The Department Head is responsible for the ensuring departmental credit card merchant operations comply with all of the requirements of this policy and for implementing and maintaining adequate controls over departmental credit card operations. This responsibility cannot be delegated. However, the responsibility for implementing procedures governing the operation of a department’s credit card operation can be delegated to qualified individuals.
The Campus Credit Card Coordinator is responsible for assisting departments in implementing credit card operations and serving as a liaison with campus credit card merchants and with the UC Office of the President Banking Services Group.
The Assistant Vice Chancellor – Financial Affairs is responsible for authorizing a campus department to operate a merchant credit card operation.
VI. Related Policies/References for More Information
UC Accounting Manual
• Accounting Manual Section C-173-85 Cash: Credit and Debit Card Program (http://www.ucop.edu/ucophome/policies/acctman/c-173-85.pdf)
Business and Finance Bulletin
• BUS-49 Policy for Handling Cash and Cash Equivalents (http://www.ucop.edu/ucophome/policies/bfb/bus49toc.html)
• IS-3 Electronic Information Security (http://www.ucop.edu/ucophome/policies/bfb/is3.pdf)
• RMP-7 Privacy and Access to Information Responsibilities (http://www.ucop.edu/ucophome/policies/bfb/rmp7.html)
• RMP-8 Legal Requirements on Privacy of and Access to Information (http://www.ucop.edu/ucophome/policies/bfb/rmp8toc.html)
• UC Office of the President Guidelines for Accepting Credit Cards as Form of Payment for Education, Registration and Other Fees (http://www.ucop.edu/finmgt/banking/ccpayguide.pdf)
UC Santa Cruz Policy
Financial Affairs email@example.com