Credit Card FAQs
- Credit cards we accept
- What are the PCI DSS Security Standards?
- What is card holder data?
- Do you store paper documents that have the CAV2 / CVC2 / CVV2 / CID code on them?
- Does your terminal display the full PAN or card number on the machine and print the full PAN or card number on the receipt?
- What is a QSA (Qualified Security Assessor)?
- Who is the QSA Company for UMSystem?
- What is an Approved Scanning Vendor?
- Who is the Approved Scanning Vendor for UMSystem?
- What is a convenience fee?
- Can I charge a Convenience Fee to my customers?
- New Retail Merchant Information
- Existing Merchant Updates
- Requesting a new credit card machine
- Using your machine
- Can I request a loaner machine?
- Is there a reporting system that I can have access to in order to view my merchant credit card transactions?
- E-Commerce Frequently Asked Questions
- What are internal controls and where can I find more information?
- What is the records retention policy for credit card receipts?
- What do I do if I suspect that my payment card operation has experienced a breach?
- What are the rules for processing credit card refunds?
- What are the credit card costs?
- Is there an EMV Chip and PIN corporate travel credit card available for University travel overseas?
- American Express (in the process of fully implementing, and the merchants will be notified when completed)
- The PCI DSS (Payment Card Industry Data Security Standards), a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
- The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
Account Data consists of Cardholder Data plus Sensitive Authentication Data, as follows:
| Cardholder Data Includes: | Sensitive Authentication Data Includes: |
|---|---|
| Primary Account Number (PAN) | Full magnetic stripe data or equivalent on a chip |
| Cardholder Name | CAV2 / CVC2 / CVV2 / CID |
| Expiration Date | PINs / PIN blocks |
The following table illustrates commonly used elements of cardholder and sensitive authentication data, whether storage of each element is permitted or prohibited, and whether each data element must be protected. This table is not exhaustive, but is presented to illustrate the different types of requirements that apply to each data element.
| Account Data | Data Element | Storage Permitted | Render Stored Account Data Unreadable per Requirement 3.4 |
|---|---|---|---|
| Cardholder Data | Primary Account Number (PAN) | Yes | Yes |
| Sensitive Authentication Data | Full Magnetic Stripe Data | No | Cannot Store |
| Sensitive Authentication Data | CAV2 / CVC2 / CVV2 / CID | No | Cannot Store |
| Sensitive Authentication Data | PIN / PIN Block | No | Cannot Store |
- Per PCI DSS requirements, you are not allowed to store this information electronically or in paper form. If you have current paper storage with the CVV code stored, you need to remove the CVV. Marking it out on the original is not enough: mark it out, make a copy, and then cross-cut shred the original.
- Please contact John Layman at 573-882-3318, because your terminal needs to be replaced.
- The Payment Card Industry (PCI) Qualified Security Assessor (QSA) designation is conferred by the PCI Security Standards Council to those individuals that meet specific information security education requirements, have taken the appropriate training from the PCI Security Standards Council, are employees of an Approved PCI Security and Auditing Firm, and will be performing PCI compliance assessments as they relate to the protection of credit card data.
- The term QSA may also be used to identify an individual qualified to perform PCI compliance auditing and consulting.
- Trustwave is the approved QSA company used by the Curators of the University of Missouri.
- Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of the Internet-facing environments of merchants and service providers.
- TrustKeeper is the Approved Scanning Vendor used by the Curators of the University of Missouri.
- The definition of a convenience fee varies slightly from one card brand to the next, but it's basically a charge in addition to the original transaction amount for the convenience of being able to use an alternate payment method. This is different than a surcharge. Surcharging customers for paying with a credit card is considered discrimination based on payment type. A convenience fee is a charge for offering customers another payment option that is separate and in addition to the standard payment methods.
- Please contact John Layman to determine if you would be eligible and what specific rules you would have to follow. As an alternative, it might be better to determine all costs of doing business and add that total into the price of the goods or services that you are selling. This is the best way to recoup those costs, and it is a more customer-friendly model.
- In order to accept credit card payments, either from a physical store or a store on the Internet, you need to have a merchant account ID assigned by an acquiring financial institution. This is a requirement for physical stores as well as stores on the Internet. An acquiring financial institution contracts with merchants to enable them to accept credit card transactions. In order to take credit card payments over the web using your browser and secure server technology (SSL), you will need a merchant credit card account ("Merchant Account") that is specifically meant for Internet-based transactions. You may already have a merchant ID for handling your phone/fax orders, but a separate merchant is required to do e-commerce business. Commerce Bank is the University's financial institution, so they assign the merchant account for Internet applications. You must check with ISAM and the Treasurer's Office before you purchase a new e-commerce system. The acquiring financial institution records the daily credit card sales for your merchant account and transfers that information to the University for posting to your PeopleSoft Financials General Ledger account. When implementation of your application is underway, the e-commerce team will ask you for the information that is needed to request a merchant account ID.
- Please complete our online form. Once the request is received by The Office of the Treasurer, it will be initiated for completion. If you need an E-Commerce Merchant, please fill out the E-Commerce Request Form.
- The first process is obtaining the Discover and American Express merchant IDs for your new retail merchant account.
- Once those have been established, the request is forwarded to our financial institution, Commerce Bank, so that they can establish the Visa/MasterCard merchant IDs and have the card reader machine set up and delivered to the department.
- Once the Visa/MasterCard merchant ID has been established, the PeopleSoft Financials feed will be established so that the revenue and expenses are fed correctly into the general ledger for your merchant.
- Once the card reader arrives at your processing location, it should already be programmed (dial 9, auto batch close, etc.). You should just be able to plug it in (power, and phone line if dial-up) and it should work to your specifications.
- If for some reason you are having an issue with your card reader, please contact the IT helpdesk at 573/882-5000 and email@example.com to troubleshoot the phone line, and Commerce Bank Merchant Support at 800/828-1629 and firstname.lastname@example.org.
- Please complete our online merchant update request form. Once the request is received by The Office of the Treasurer, it will be initiated for completion. Once the update has been completed the Treasurer’s Office will notify the department that originated the update request.
- To request a new credit card machine, please fill out the new credit card machine form and email the form to John Layman.
- There is a possibility that you can "swap-out" your old machine that has stopped working for a new machine. If your old machine will need to be swapped-out then a new machine will be shipped to you and upon receipt of it you will need to return the older Vx570 IP model in the box provided. The box will also include a UPS Call Tag for pickup with instructions. The following items must be returned in order to complete the swap out process: Terminal, Power Cord, and Cables. A swap-out costs less than a regular machine order.
- If you are not able to "swap-out" your machine then please mail the old machine to: Attn. John Layman, 118 University Hall, Columbia, MO 65211
- Please contact the Merchant Support Desk at 800-828-1629 to request a swap out of the Vx570. The manufacturer VeriFone does not provide a warranty but Commerce Bank does provide a 90 day warranty. If past warranty, the swap out will cost them $100. When they call the Support Desk they will need to provide the serial number from the Vx570. If they call Mon – Thurs before 4:30 pm the terminal will be delivered the next day.
- Most terminals use dial-up communication, but some use IP or wireless communication. The communication method for a new machine depends on which type you request. Below are the manuals and quick reference guides for each terminal available through Commerce Bank. All terminals except the Nurit 8020 support the invoice function for splitting revenue to different GL accounts. For additional information, see: What is the ECC and how does it work, and How to use the invoice function to post revenue to the GL using different MO Codes per transaction.
- If you have questions concerning your setup please contact John Layman.
- Please Note, you can change your communication method (Dial to IP or IP to Dial) by calling Commerce Bank Merchant Services 800-828-1629 so that they can create a new TID# (terminal ID number) and for them to send a new download for your terminal.
- Many terminals have the invoice function turned on. The invoice field consists of 10 characters. If you do have this, the account code is the first 2 digits of the invoice number, and the time of day entered twice makes up the other 8 digits. For example, if the account code is 03 and the time of day is 12:37 pm, the invoice you would want to enter would be 0312371237.
- ECC stands for Electronic Credit Card. This is a PeopleSoft application that takes the end-of-day file from the card processor (First Data Merchant Services) and posts it to the GL. If you have the invoice field turned on, the ECC takes the information that was entered, uses the first 2 digits, and places the revenue into the MO Code and PS account associated with that 2-digit code. To request an update to the ECC, please contact John Layman at 573-882-3318.
- If your invoice function has been turned on and your ECC account codes have been established, then you need to enter a unique invoice number for the transaction. The invoice field consists of 10 characters. If you do have this, the account code is the first 2 digits of the invoice number, and the time of day entered twice makes up the other 8 digits. For example, if the account code is 03 and the time of day is 12:37 pm, the invoice you would want to enter would be 0312371237.
- If the invoice function is not turned on then the invoice will be automatically populated by a sequential number through the day for your batch. This number could help you with your reconciliation process.
- If you do not have a merchant number but you have infrequent events or other uses for a machine, then you can contact John Layman and arrange to have a terminal reserved and set up for your event. You would need to pick up the machine from, and return it to, 118 University Hall.
- You would need to set up an account using the following link: https://www.myclientline.net/welcome.html
- If you have any questions with this process, please contact John Layman and he can walk you through that process.
- Please click this link for the E-Commerce FAQ page.
- Please see the following links for more information concerning internal controls.
- Here is a link to the policy for records retention.
- Please report any and all security incidents and security weaknesses per the incident response policy.
- In almost all cases, the refund should be processed back to the same card that was originally processed. In some cases the card may have expired. If so, you will have to contact the customer to obtain the correct card information in order to process the refund. It is not a good idea to refund in cash or by check. Without an offsetting credit, the card-issuing bank has no evidence of a refund and may still pursue a chargeback to reverse the sale. In this case you run the risk of having two refunds processed.
- No, not at this time. JPMorgan Chase Bank does not offer this card as a University travel card at this time. When it becomes available, we will let you know.