To: University Business Managers
From: CERTIFI Committee
Date: September 9, 2011
The Compliant Electronic Receipts Through Innovation and Financial Integrity (CERTIFI) committee is charged with ensuring the University’s compliance with the Payment Card Industry (PCI) Data Security Standard.
Recently, the CERTIFI committee had to decline a request for accepting payments by credit card to a business unit within the University. The CERTIFI committee had worked with the business unit and attempted to assist the business unit in meeting PCI Data Security Standard requirements as well as the University policies for safeguarding confidential information. However, the contract presented by the business unit to the CERTIFI committee fell short on both points and left the CERTIFI committee no choice but to reject the request to accept payments by credit card.
The CERTIFI committee would like to use this opportunity to again remind all business units involved in accepting payment by credit cards that contracts for software or hardware purchases, upgrades, renewals or contracts outsourcing credit card payments to a vendor, as well as any other contract related to credit card acceptance need to be reviewed by the CERTIFI committee BEFORE signing to ensure that University policies are being met. In addition to verifying that contracts adhere to University policies, the CERTIFI committee will also review contracts for compliance with the PCI Data Security Standard, covering topics such as PCI compliance status of the vendor and workflow consistent with the University’s role in supporting credit card merchants.
Updated Credit Card Merchant policies and procedures may be found in the Finance Policy and Procedure Manual. University Information Technology (IT) policies may be found on the Information Technology Services website under University IT Policies.
Your cooperation in this matter is appreciated.
*This memo is also being sent to the Carolina Technology Consultants (CTC) listserv.*