Guideline for Third Parties Accepting Electronic Payments on Behalf of the University or on University Property

Purpose

The purpose of this document is to provide guidance for third party merchants, including student organizations, who accept payment (credit/debit) cards on behalf of the UNC Charlotte or on University property. Adherence to this standard will help ensure that the University is doing business with third party merchants who are compliant with Payment Card Industry Data Security Standard (PCI DSS) requirements.

Scope

This guideline applies to all third parties authorized to do business on behalf of or on University property who will be interacting with payment card data, functions, or systems as part of their job duties.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

Obtain Prior Approval(s)

Third parties, including student organizations, may not process payment cards on behalf of the University or on University property without proof of PCI DSS compliance and prior approval from their division or college/administrative Business Officer and authorization from the Vice Chancellor for Business Affairs’ (VCBA) designee (i.e., Office of the Bursar – Merchant Services). All third parties should coordinate their activity with relevant campus merchants prior to conducting business, regardless of the method of payment.

• All student organizations must be approved by the SGA Senate and abide by the Student Organization Handbook. 
• All dining or vending related activities (e.g., food trucks, delivery robots, etc.) must be approved  through the food service company under contract to the University in accordance with the Food Service Policy. Visit Auxiliary Services – Catering and submit a Food Service Waiver Form.
• All transportation related activities (e.g., scooters, bike rental) must be approved  through Parking and Transportation Services.
• All space reservations must be approved through the Conference, Reservations, and Event Services (CRES) Office, in accordance with the University’s Policy on Use of University Space.  
• All alumni related activities should be coordinated through the Office of Alumni Engagement.
• All gifts, donations, or sponsorships must be approved through University Advancement before acceptance of those monies.
• All athletic related activities (including camps and clinics) must be approved by the Division of Athletics. All University-sponsored programs involving non-student minors (including athletics camps sponsored by University coaches) must report their program to the Office of Risk Management and Insurance (RMI) at least two weeks prior to the program beginning. 

Card Present (CP) Transactions on Campus

Transactions must not be processed over the University’s wired or wireless network. They may only be processed on cellular devices that do not interface with the University network or over networks provided and managed by the third party.

Online Payment Processing

If a student organization website is hosted on a University server, it is prohibited from linking out for payment processing. 

Externally hosted (i.e., not hosted at/or by the University) student organization web pages that include payment processing, must have a visible disclaimer readily viewable on the site stating that the site is not the University or a part of it. Please see below for an example disclaimer:

This is not a University of North Carolina at Charlotte (“University”) website. This registration and payment portal is administered by a third party payment processor (“Payment Processor”). The Payment Processor is responsible for the security and system availability of the payment portal. The University does not endorse, recommend, guarantee, control, or accept responsibility for any product or service made available by Payment Processor. The presence of a link to the Payment Processor’s website does not imply any affiliation, endorsement, approval, or verification by the University.

You understand that the Payment Processor’s website may contain terms and privacy policies that are different from the University’s terms and policies. You should review these provisions to ensure that you understand them, and to determine whether the website is suitable for you. The University does not review, and is not responsible for, these provisions.

The University will not be liable for any losses arising from or in connection with any errors or omissions with respect to payments processed by the Payment Processor, or any fees or charges imposed by the Payment Processor. 

Related Resources

• Standard for Accepting Electronic Payments
• Student Organization Handbook
• University Policy 601.6, Use of University Space
• University Policy 709, Food Service Policy

Revision History

• Initially approved by the AVC for Finance on November 25, 2024