Treasury Services manages Western's relationship with our merchant bank and is responsible for issuance of all WWU merchant accounts. All departments authorized to accept credit cards as a payment method for their customers must be compliant with Payment Card Industry Data Security Standards (PCI DSS). All departments must be authorized by Treasury Services. To start the process, please submit the E-Commerce Authorization form and the Bankcard Authorization form.
Credit Card Processing
At Western, there are several types of credit card processing methods used:
|Credit Card Processing Method||Environment||Equipment Required||Departmental Cost|
|CASHNet eMarket||eCommerce||eCommerce where the customers directly input the credit card data.||Interchange fees|
|Credit Card Terminal||Face-to-face or Mail order / telephone order (MOTO)||Stand-alone credit card processing terminal, dedicated analog phone line||Interchange fees, analog phone line|
|Third Party eMarket||eCommerce||Must be pre-approved by the Director of Administrative Computing||Varies|
|The following methods of Credit Card Processing is being phased out. Because of potential PCI issues, they are no longer approved by the University. Please visit our eCommerce site or contact Becky Kellow x-3720, to discuss alternatives.|
|Credit Card Deposit Form||Department submits to Cashier's Office||Personal computer to obtain Credit Card Deposit Form||Varies|
|Third Party eMarket||eCommerce||Varies||Varies|
**NOTE: At this time (7/2014), mobile point-of-sale tools (Square, Shopify, etc.) ARE CURRENTLY NOT APPROVED DEVICES FOR ACCEPTING PAYMENTS.
Why is PCI-Compliance such a big deal? Why is it so important?
The payment card industry consists of all the organizations which store, process and transmit cardholder data, most notably for debit and credit cards. The PCI Security Standards Council is an open global forum that develops security standards used throughout the industry. Compliance requirements are established by individual card brands including, American Express, Discover Financial Services, MasterCard and Visa. The PCI Standards Council is responsible for the development, management, education, and awareness of the PCI Security Standards. PCI compliance is a very serious and important issue for the University.
Penalties for PCI non-compliance
The Payment Card Industry has established fines of up to $500,000 per incident for security breaches when merchants are not PCI compliant.
In addition, it is required that all individuals whose information is believed to have been compromised must be notified in writing to be on alert for fraudulent charges. As such, the potential cost of a security breach can far exceed $500,000 when the cost of customer notification and recovery is calculated.
Potential cost of a security breach
- Fines of $500,000 per incident for being PCI non-compliant
- Increased audit requirements
- Potential for campus wide shut down of credit card activity by our merchant bank
- Cost of printing and postage for customer notification mailing
- Cost of staff time (payroll) during security recovery
- Cost of lost business during register or store closures and processing time
- Decreased sales due to marred public image and loss of customer confidence
Please contact Becky Kellow x-3720, Treasury Services Manager for further information.