At UNC Charlotte, the eCommerce/Merchant Services Office acts to enable, support, and secure electronic payments. This office manages the establishment of and support to all eCommerce units, or Merchants, on campus. It provides guidance and oversight to those campus eCommerce units on industry, national, state, and University compliance regulations and standards. It develops and implements changes as necessary to University policy and procedures related to eCommerce. It also acts as the contact point or interface for third party eCommerce applications and state and regulatory agencies as they relate to that function. The Payment Card Industry Data Security Standard (PCI DSS) acts as the basis for regulatory compliance for payment card transactions and is governed by the PCI Security Standards Council (PCI SSC).
All UNC Charlotte merchants are required to comply with the PCI DSS and relevant University policy.
- You may reference these documents for guidance on card processing: Payment (Credit/Debit) Card Processing Standard and the Payment (Credit/Debit) Card Processing Procedures.
- The University Security Awareness Training is accessed within the Learning and Development portal. Guidance for accessing the training is located on the OneIT Information Security Education webpage or within the UNC Charlotte FAQs.
- Please check out the Guideline for Data Handling for further guidance on the classification and handling of University data. It is an excellent resource.
- Forms and other helpful information are also available to Campus Merchants on the S drive under Campus Merchants.
- Third Party Vendor Reminder: Please remember that you must obtain approval from Business Affairs to use any third party vendors other than TouchNet for accepting electronic payments to the University. See Policy 311 and its associated Standard, the Payment Card Processing Standard, and Payment Card Processing Procedures. Contact the PCI/eCommerce Manager with related questions.
- Card Processing Contracts: Please forward all contracts that involve a card processing component of any type to the PCI/eCommerce Manager for review before they are executed. Any contract that pertains to card processing that does not contain required language will be required to go through an Addendum process before card processing setups are implemented.
- Daily Deposits are to be made to the University Cashiers using the Payment Book Receipt (PBR), a subcomponent of the Financial Transaction Request (FTR) form. You may access more information and training videos on the University FAQ site. Directions for submitting card deposits to the University Cashiers may also be located on the S drive under Campus Merchants>Helpful Documentation> SAO User Manual.