To: Campus Unit Finance Leads, University Business Managers
From: Brooke O’Neal, University Merchant Manager
Please forward this email to your department.
Merchants,
This memo serves as a reminder of UNC Policy and WiFi stipulations which are meant to ensure the safe, secure, fiscally prudent, and compliant conduct of University business at UNC-Chapel Hill.
Please be aware that CERTIFI will not approve Stripe or PayPal because these services require the employee to provide their personal information to set up an account, and Stripe does not allow University Counsel to insert the appropriate PCI terms and conditions into its contract. In addition, Stripe serves as the payment gateway and processor and the State of North Carolina has a contract with Fiserv for this purpose. The use of any other processor requires an exemption from the State. The University’s preferred and approved gateway is TouchNet. The use of any other gateway requires an exception from CERTIFI.
Also, please note that the University strictly prohibits the use of the University network to transact payment card/credit card transactions by third parties.
It would be helpful to review with relevant staff the following related policies for details:
- Information Technology Acceptable Use Policy – “Users are responsible for the security of their devices, including ensuring they are running up-to-date anti-virus software on their wireless devices. Users must be aware that, as they connect their devices to the Internet . . . they expose their devices to worms, viruses, Trojan horses, denial-of-service attacks, intrusions, packet-sniffing and other abuses by third-parties.”
- 308 – Policy on Merchant Card Services, under Merchant Approval:
“All payment card processing activity at or on behalf of the University requires approval of the CERTIFI committee. University departments may NOT process payment cards under any circumstances without the required CERTIFI approval memo. University departments may not set up their own banking relationships for payment card processing.” - Specifically addressed in 308, Q&A: Q: Can my department use PayPal to collect payments?
A: No. The use of PayPal is not authorized by the State Treasurer as a depository of University funds, and state law makes it a criminal offense to deposit University funds in a depository other than those approved by the State Treasurer. - 7 – Procedure on the University’s Payment Gateway: TouchNet is the University’s payment gateway and is required to be used for all online credit card transactions.
Thank you for taking the time to review this information and helping maintain strong security measures for the University’s financial transactions.