General Information for New Merchants

One of our best resources for potential credit card merchants is our FAQ page. 
  • Credit Card FAQ
  • If you have additional questions or concerns please contact John Layman at 573-882-3318 or Commerce Bank merchant services at 800-828-1629.
What are the setup costs and what are the credit card fees?
 As a merchant, how do I become PCI complaint and remain PCI compliant?
  • All appropriate personnel must go through annual PCI training.
    • Any official, administrator, or affiliate with responsibilities for managing University cardholder transactions and employees or personnel entrusted with handling or processing cardholder payments must complete annual training.  IT Directors and designated staff must also complete the annual training and also comply with University Computing Security Standards. 
      • The training, SANS Securing the Human, is online computer based training that covers PCI as well as other security topics that directly relate to PCI security.
      • Link to the SANS Training Website.
      • If you are a Hospital emplyee you must take the "PCI2014" course through Pathlore and pass the "PCIEXAM"
      • The Treasurer's Office will conduct annual onsite training for each Campus, for Hospital and University Physicians.
        • See the Human Resources Training Conference Website for more details for the MU, Hospital, & University Physicians in person training.
        • UMSL, UMKC, and MO S&T in person training will be scheduled each year in the spring.
      • There is additional optional training through myLearn
        • You can access this training by logging into myHR with your user ID and password.  To navigate to the training section please click Main Menu -> Self Service -> Personal Information -> HR Training - myLearn.  Once myLearn has opened, please search for 2 different online training sessions: "PCI Compliance: What you need to know" and "Privacy and Information Security"
  • All merchants must have policies and procedures specific to their merchant environment. 
    • Policies and Procedures templates can be found on the Payment Card Policies section of the Treasurer's Office Website. 
    • If you are not sure what template you need to use please contact John Layman (laymanj@umsystem.edu) to help you scope your merchant environment. 
  • All merchants must know and understand the University Credit Card Policy.
  • When establishing a relationship with a new service provider the University must do our due diligence prior to engagement.  Due diligence can include; risk analysis prior to establishing a formal relationship, obtain service provider’s reporting practices, breach-notification and incident response procedures, details of how PCI DSS responsibilities are assigned between each party, and how the service provider validates their PCI DSS compliance.  Merchants are permitted to use service providers who are on the PCI approved list and are a service provider (See link in this document “Definitions and PCI links”).  Alternatively, the merchant may use a service provider who has completed an annual Attestation of Compliance (AoC) prepared by a PCI Qualified Security Assessor (QSA).  All service providers must sign the University Service Provider Contract. The service provider contract must be submitted to the Office of the Treasurer and maintained by the department for the annual audit. Service providers must maintain PCI compliance and the department must monitor the annual renewal date of compliance.
What are the polices concerning acceptance of credit cards? 

Reviewed 2014-06-11.