Guideline for Maintaining Merchant Accounts

Purpose

The purpose of this document is to provide guidance on maintaining merchant accounts for accepting payment cards (credit and debit cards).

Scope

This guideline applies to all UNC Charlotte employees, affiliates and authorized users who will interact with payment card data, functions or systems as part of their job duties.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

All departments or units issued a merchant account will be required to:

• Disclose return, refund, and/or cancellation policies to the cardholder before the cardholder enters their card information for processing. Signs disclosing the policy must be clearly visible at the Point of Sale (POS) for Card Present (CP) transactions or on the website/online portal for Card Not Present (CNP) internet transactions.
• Follow the Standard for Handling Cardholder Data which includes reporting security incidents immediately.
• Reconcile transactions and settle sales electronically to the merchant services provider on a daily basis.
• Investigate and respond to disputes, retrievals, and chargebacks on a timely basis.
• Maintain adequate records of the sales transaction (i.e., daily sales totals, logs, etc.) in accordance with State record retention policies.
• Complete the EC-Merchant Agreement on an annual basis.
• Document their business processes for card processing on an annual basis or when significant changes occur to the card processing environment.
• Ensure staff meet merchant training requirements for card processing.
• Complete required Self-Assessment Questionnaires (SAQs), a reporting tool used by merchants and service providers to self-report their adherence to the Payment Card Industry Data Security Standards (PCI DSS), and associated validation documentation requirements. 
• Complete required Attestation of Compliance (AOC) with PCI DSS, which declares the accuracy and truthfulness of information provided in the SAQ. 

The Office of the Bursar – Merchant Services will review accounts periodically and reserves the right to close merchant accounts with extended periods of inactivity.

Related Resources

• Standard for Accepting Electronic Payments
• Standard for Handling Cardholder Data
• University Policy 605.3, Retention, Disposition, and Security of University Records

Revision History

• Initially approved by the AVC for Finance on November 25, 2024