Merchant Services

Treasury Services manages Western's relationship with our merchant bank and is responsible for issuance of all WWU merchant accounts. All departments authorized to accept credit cards as a payment method for their customers must be compliant with Payment Card Industry Data Security Standards (PCI DSS). All departments must be authorized by Treasury Services. To start the process, please submit the E-Commerce Authorization form and the Bankcard Authorization form.

Credit Card Processing

At Western, there are several types of credit card processing methods used:

 

Credit Card Processing Method Environment Equipment Required Departmental Cost
CASHNet eMarket eCommerce eCommerce where the customers directly input the credit card data. Interchange fees
Credit Card Terminal Face-to-face or Mail order / telephone order (MOTO) Stand-alone credit card processing terminal, dedicated analog phone line Interchange fees, analog phone line
Third Party eMarket eCommerce Must be pre-approved by the Director of Administrative Computing Varies
The following methods of Credit Card Processing is being phased out. Because of potential PCI issues, they are no longer approved by the University. Please visit our eCommerce site or contact Becky Kellow x-3720, to discuss alternatives.
Credit Card Deposit Form Department submits to Cashier's Office Personal computer to obtain Credit Card Deposit Form Varies
Third Party eMarket eCommerce Varies Varies

 

**NOTE: At this time (7/2014), mobile point-of-sale tools (Square, Shopify, etc.) ARE CURRENTLY NOT APPROVED DEVICES FOR ACCEPTING PAYMENTS.

 

Why is PCI-Compliance such a big deal? Why is it so important?

The payment card industry consists of all the organizations which store, process and transmit cardholder data, most notably for debit and credit cards. The PCI Security Standards Council is an open global forum that develops security standards used throughout the industry. Compliance requirements are established by individual card brands including, American Express, Discover Financial Services, MasterCard and Visa. The PCI Standards Council is responsible for the development, management, education, and awareness of the PCI Security Standards. PCI compliance is a very serious and important issue for the University.

Penalties for PCI non-compliance
The Payment Card Industry has established fines of up to $500,000 per incident for security breaches when merchants are not PCI compliant.

In addition, it is required that all individuals whose information is believed to have been compromised must be notified in writing to be on alert for fraudulent charges. As such, the potential cost of a security breach can far exceed $500,000 when the cost of customer notification and recovery is calculated.

Potential cost of a security breach

  • Fines of $500,000 per incident for being PCI non-compliant
  • Increased audit requirements
  • Potential for campus wide shut down of credit card activity by our merchant bank
  • Cost of printing and postage for customer notification mailing
  • Cost of staff time (payroll) during security recovery
  • Cost of lost business during register or store closures and processing time
  • Decreased sales due to marred public image and loss of customer confidence

 

Please contact Becky Kellow x-3720, Treasury Services Manager for further information.

Page Updated 08.22.2014