Financial Operations

University groups and departments who wish to accept credit card payments need to contact the PCI Compliance Team (PCIteam@uwsp.edu) for review, approval, and to start the relevant processes. All credit card merchants with UWSP also participate in annual Payment Card Industry Compliance activities to ensure that all university merchants understand current PCI DSS compliance recommendations for credit card activity.

Steps to become a merchant:

​To accept bank/credit cards for the payment for products, events, workshops, courses, etc., a department must obtain a merchant ID through one of two acquiring banks (currently, Fifth Third or Elavon). The merchant must follow all compliance, security standards and policies established by the bank, Payment Card Industry (PCI) Team and the University of Wisconsin.

The merchant is responsible for all credit card fees, terminal, authorization gateway, and compliance charges associated with acceptance of bank/credit cards. The bank/credit rates (interchange) are based on the type of card (AMEX, MC/Visa or Discover) utilized for the transaction.

• MasterCard and Visa interchange rates are based on the type of credit card used, i.e., government, business purchasing card, international, rewards.
• Discover and American Express have an established flat rate for the University.

A merchant must accept MasterCard, Visa, and Discover; however, a merchant may choose to accept American Express as well.

When pricing goods and services, it is good practice to include:

• 5% (estimate) for cost of acceptance of debit/credit cards
• This will cover fees associated with processing credit cards, including but not limited to:
  
• Device Fees – Flat monthly fee for devices
• Interchange Fees – 2.5 -3.1% of sale dependent on type of card
• PCI Compliance Fee – 2% of Net Sales
• All applicable University charges such as the current Program Revenue Assessment
• Any applicable sales tax

Fees and costs are tied to the type of acceptance method (e.g., e-commerce, terminal) and credit card (e.g., Visa/MC, Discover, AMEX, government, business, reward, etc.) used by the customer transaction.

The technology and fees associated will be discussed in a preliminary meeting once you contact the PCI Compliance Team.

​Merchant Coordinators are responsible for ensuring that all business processes, IT environments and associated systems for accepting, processing, retaining, and disposing of cardholder data comply with PCI DSS.

Merchant Coordinators are responsible for developing and documenting the department's card handling procedures in accordance with the Procedures (review Payment Card Processing and Compliance Policy Section 5. Procedures – B. Payment Card Data Security for required components).

Merchant Coordinators are responsible for the reconciliation of the daily merchant account activity, ensuring the activity is reconciled to not only the settled processed report, but also the general ledger WISER activity no less than monthly.  Any questionable or suspicious activity must be reported to the Bursar or the University Information Security Office immediately.

Merchant Coordinators are responsible for completing the annual SAQ in partnership with the PCI Compliance Team and IT.  Merchant Coordinators, and their designated back-up, must attend a UWSP annual PCI merchant training.  Merchant Coordinators are also responsible for ensuring all departmental employees who handle cardholder data receive the mandatory training offered online via Canvas by IT and Financial Operations.

Merchant account holders who fail to comply with established policies and procedures are subject to:

• Any fines imposed by the payment card industry;
  
• Any additional monetary costs associated with remediation, assessment, forensic analysis, or legal fees; and
• Suspension of the merchant account.