WWU eMarket Guidelines

GENERAL OVERVIEW

Western Washington University recognizes that departments may need to accept payment for services rendered. The purpose of these guidelines is to establish procedures for accepting payment cards and provide general ground rules for the appropriate way to handle such funds. This guidelines are intended to minimize the risk of accepting payments and to provide the greatest value, security, and service to each University department within the rules, regulations and guidelines established by the Payment Card Industry (PCI).

These guidelines apply to all university departments that are involved in the acceptance of payment cards on behalf of Western Washington. This includes employees, contractors, consultants, temporary employees and other workers in the university units. These guidelines also apply to external applications linked to a Western Washington University website which accept payment cards and external vendors who collect, process, or store payment card data on behalf of Western Washington University.


I. DEFINITIONS (as used on this site)

Cardholder
Customer to whom a card is issued or individual authorized to use the card.

Cardholder Data
Any personally identifiable data associated with the cardholder. This could be an account number, expiration date, Card Validation Code (CVC), Card Verification Value (CVV), or Card Identification Number (CID).

CASHNet
Software application used by Western Washington University for recording transactions related to cash, checks, ACH or payment cards.

CASHNet E-Market
CASHNet E-Market includes Storefront and Checkout solutions that can be used independently or together, allowing various campus-wide departments to seamlessly accept and authorize payments. Types of payments are defined by the individual department and can include one-time payments for events on campus and conference registration fees.

Charge backs
The deduction of a disputed sale previously credited to a university unit’s account when the unit fails to prove that the customer authorized the credit card transaction.

Payment Cards
Credit cards or debit cards issued by a financial institution. Contact the E-Market Administrator for acceptable payment cards.

Payment Card Industry
Payment Card Industry (PCI) is a council formed by the credit card industry (VISA, MasterCard, Discover, and American Express) to establish Data Security Standards (DSS) for the industry.

Point-of-sale Terminal
A point-of-sale (POS) terminal is an electronic terminal and printer where the university unit swipes a credit card to obtain authorization for the transaction. A receipt is printed which the customer signs.

University Unit
A department, service center, student organization, or other university entity that accepts payments to conduct business.


II. E-MARKET GUIDELINES

The purpose of these guidelines is to establish procedures for accepting online payments, including credit cards at Western Washington University that will minimize risk and provide the greatest value, security, and service to each university department within the rules, regulations and guidelines established by the Payment Card Industry (PCI)


III. WHO IS AFFECTED

All university departments that are involved in the acceptance of online credit card payments on behalf of Western Washington University are affected. This includes employees, temporary employees and other workers in the university departments. These guidelines also apply to external applications linked to Western Washington websites which accept payment cards.


IV. WHO SHOULD COMPLY?

Any university department that conducts business on behalf of Western Washington University through payment card transactions and any university department responsible for developing and/or maintaining the infrastructure surrounding accepting credit card payments (i.e. website, software programs, etc.)

V. CONTACTS

Treasury Services Manager 360-650-3720


VI. OVERVIEW OF POLICY

Credit cards may be accepted by university departments for various purposes, including the sale of goods or services, and donation of gifts. Treasury Services may immediately remove any university department’s ability to accept credit cards if that unit’s actions violate any part of this Policy or puts Western Washington University at risk. Please contact Treasury Services if you have any questions regarding permitted transaction types.


A. Acceptable Credit Cards
Western Washington University accepts VISA, MasterCard, Discover and American Express. Western Washington University has negotiated contracts for processing credit card transactions. Individual university departments must not attempt to negotiate individual contracts with these or other payment card companies.

B. Prohibited Credit Card Activities
Western Washington University prohibits certain credit card activities for departments that include, but are not limited to:

  • Accepting credit cards for tuition and fees.
  • Accepting credit cards for cash advances.
  • Discounting a good or service based on the method of payment.
  • Using a paper imprinting system.
  • Storing in anyway credit card information in paper files, on network drives, or hard drives on university computers.

C. Credit Card Fees
Each credit card transaction will have a merchant fee charged by the credit card company. Each university department processing credit card transactions will be charged for all credit card fees associated with transactions originating from their department.

D. Refunds for Credit Card Transactions
When a good or service is purchased using a credit card, and a refund is necessary, the refund must be credited back to the account that was originally charged. Western Washington University prohibits refunds in excess of the original sale amount. Western Washington University also prohibits cash refunds. If a refund needs to be processed please complete and submit the General Refund Voucher form.

E. Charge backs for Credit Card Transactions
Occasionally a customer will dispute a credit card transaction, ultimately leading to a chargeback. If not resolved, the transaction will be charged back against the university department’s general ledger account.

H. Maintaining Security

  • Every university department accepting credit card payments on behalf of Western Washington University is subject to the Payment Card Industry Data Security Standards (PCI DSS).
  • Western Washington University does not allow credit card and checking account data transmission via fax, e-mail, unsealed envelopes through campus mail, or wireless networks, as these are not secure.
  • Western Washington University requires that all external service providers be PCI compliant.
  • Access to cardholder data and checking account information is restricted to those with a business need to know.
  • For electronic media, cardholder data should not be stored in its entirety on servers, local hard drives, or external (removable) media including floppy discs, CDs, and thumb drives (also called flash drives).
  • For paper media (e.g. paper receipts and forms), records can only show the last 4 digits of the card number.


VIII. Procedures

Western Washington University requires the proper procedures be followed in order to grant the creation and use of an eMarket site. All required Western Washington University signatures are needed for approval prior to the start of an eMarket site. Please be sure to allow at least three (3) weeks for implementation of an eMarket site.

A. Obtaining Approval for an eMarket
Western Washington University requires all university units interested in using an eMarket site to obtain the proper approvals. An eMarket Request eSign Form, needs to be completely filled out prior to initiating a request. Please note that this form is for information purposes only to be used in determining the necessity of creating your eMarket request. The eMarket Administrator has final approval to create or publish an eMarket. The form requires the following information be identified:

  • Department information, including contact information.
  • Questions answered regarding the need for an eMarket and the type of transactions you will be processing.
  • Approval Routing
    • Person requesting the eMarket Checkout
    • Financial Manger/Budget Authority
    • Manger Treasury Services
    • eMarket Administrator

B. Final Approval
The following approval is needed prior to the final implementation of an eMarket Checkout:

  • eMarket Administrator


C. eMarket Checklist Form
The eMarket Checklist form is used by the eMarket Administrators to track progress throughout the creation of a new eMarket. The eMarket Administrators are required to update this form as each task is completed. A copy of the form should be filed with all documentation regarding the creation and implementation of an eMarket site.

Page Updated 07.25.2014