Full List of Resources
Data Security Standards Acknowledgement and Agreement
This acknowledgement form is required for all University employees that interact with credit/debit card data, functions, or systems.
Last Updated: January 11, 2021
Debarred Vendors – System for Award Management
Debarred Vendors List (NC Department of Administration)
These files contain a list of vendors debarred from doing business with the State of North Carolina, including their location, date of debarment, and reason for debarment.
Last Updated: June 1, 2021
Departmental ePrint Reports
Deposit Form for Cash & Checks
Use this deposit form to make cash & check deposits for all departments on campus. A receipt will be automatically emailed to the preparer based on the preparer’s UNC Charlotte ID number provided in the signature area.
Last Updated: January 11, 2021
Disbursement Cutoff Dates for Fiscal Year End
Purpose: The chart in the memo details the FY 2022-2023 disbursement cut-off dates for Financial Transaction Requests (FTR), Employee Student Direct Pay Requests (ESDPR), Purchase Order payments, and travel to be included in the current fiscal year. Expenses incurred after the dates noted, will be charged to the next fiscal year.
If you have additional questions regarding year-end cut-off dates, please email the respective office below:
|Disbursements (Accounts Payable & Travel)||firstname.lastname@example.org or email@example.com|
|Financial Systems Support (e.g., Banner/49er Mart)||firstname.lastname@example.org|
Last Updated: April 13, 2023
eCommerce Access Request (EC-AR) eForm
The eCommerce Access Request (EC-AR) to Reporting Systems form migrated February 28, 2018, to an eForm in the University’s Imaging System. Submit all eCommerce access or termination requests through this online eForm. An FAQ page has been created for your reference.
Last Updated: January 11, 2021
Analog: For eCommerce purposes, a non- digital line i.e., a phone line as opposed to a network or Ethernet cable.
Attestation: To certify by signature the accuracy and truthfulness of information provided. Attestation is one component of the Payment Card Industry Data Security Standards (PCI DSS) validation process.
Authorization: In the context of a payment card transaction, authorization is the first step in processing a payment card. It occurs when a merchant enters cardholder data for a transaction to their bank (acquirer) for processing and requests approval to proceed with the sale. The merchant’s acquiring bank then routes the request to the card-issuing bank where the transaction is authorized or denied and the response is then routed back to the merchant or their processing system.
Cardholder Data (CHD): At minimum, CHD consists of the full Primary Account Number (PAN). CHD may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date, and/or service code. See Sensitive Authentication Data for additional data elements that may be transmitted or processed (but not stored) as part of a payment transaction.
Card Present (CP): A payment card transaction made where the credit card is physically present (e.g., a face to face transaction, or a customer swiping their card directly into a POS terminal).
Card Not Present (CNP): A payment card transaction made where the merchant does not see or touch the card and the cardholder does not, or cannot physically present their card for direct input to the merchant’s card/chip reader (e.g., transactions entered over the internet, telephone, mail, or fax).
Credit/Debit Card Processing: Act of storing, processing, or transmitting credit/debit cardholder data.
eCommerce: Any internet-enabled financial transaction.
Employee: Any employee (as defined by the Employee Handbook): faculty, student employee, or contractor employed by a third party and providing services to UNC Charlotte.
Master Services Agreement (MSA): The contract between a merchant and a bank that defines their respective rights, duties, and warranties regarding how each will handle bank card transactions/activity. The MSA for the University is contracted through the state of North Carolina.
Merchant: Any entity that accepts payment cards as payment for goods and/or services.
Merchant Account: A bank account established to allow a business to accept payment card transactions.
Multifactor Authentication: A means of authenticating a user when two or more factors are verified. These factors include something the user has (such as a smart card, dongle, or device), something the user knows (such as a password, passphrase, or PIN) or something the user is or does (such as fingerprints, other forms of biometrics, etc.)
PAN: Acronym for “primary account number” and also referred to as “account number.” It is a unique payment card number (typically for credit or debit cards) that identifies the issuer and the particular cardholder account.
Payment Card Industry Data Security Standards (PCI DSS): A proprietary information security standard for organizations or entities that store, process, or transmit payment card data. The Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council (PCI SSC). The Standard may be referenced at: https://www.pcisecuritystandards.org/.
Payment Card Industry Security Standards Council (PCI SSC): the governing body whose goal is to oversee the ongoing evolution of the Payment Card Industry Data Security Standard. The Council currently consists of the five major payment brands: Visa, MasterCard, American Express, Discover, and JCB, and other registered participants (e.g., banks, processors, and merchants).
Payment Cards: Any payment card/device that is used by a card/device holder and accepted by a merchant for payment of a purchase or other financial obligation. It typically bears the logo of one of the major card brands (e.g., Visa, Inc., MasterCard, American Express, Discover, and JCB International).
Payment Gateway: The application interface between the merchant or customer and the payment processor which authorizes credit card payments for internet based transactions. The gateway is responsible for receiving the payment data from the front-end system, encrypting the card information for security purposes, sending it to the bank for processing, receiving the bank’s authorization, and then communicating the authorization back to the front end system.
Personally Identifiable Information (PII): Please see Confidential University Data.
PIN: Acronym for “personal identification number.” This is a secret numeric password known only to the user and a system which is used to authenticate the user to the system. The user is only granted access if the PIN the user provided matches the PIN in the system. Typical PINs are used for automated teller machines for cash advance transactions. Another type of PIN is one used in EMV chip cards where the PIN replaces the cardholder’s signature.
POS – Acronym for “point of sale.” Hardware and/or software used to process payment card transactions at merchant locations.
Sensitive Authentication Data (SAD) – Security related information (including but not limited to card validation codes/values, full track data (from the magnetic stripe or equivalent on a chip) PINs, and PIN blocks) used to authenticate cardholders and/or authorize payment card transactions.
Security code: Also known as Card Validation Code or Value. This value appears as a three-digit value printed in the signature panel area on the back of the card for Visa, MasterCard, and Discover; or, a four-digit number printed above the PAN on the face of an American Express card. The code is uniquely associated with each individual price of plastic and ties the PAN to the plastic.
Self-Assessment Questionnaire (SAQ): A reporting tool used by merchants and service providers to self-report their adherence to the Payment Card Industry Data Security Standards (PCI DSS).
Service Code: Three digit or four digit value in the magnetic stripe that follows the expiration date of the payment card on the track data. It is used for various things such as defining service attributes, differentiating between international and national interchange, or identifying usage restrictions.
Service Provider: A business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This also includes companies that provide services that control or have the ability to impact the security of the cardholder data (e.g., companies that provide managed firewalls or hosting services).
Third Party: An entity outside of the principal organization. For eCommerce, it is a company/software/equipment that provides payment processing functions outside of UNC Charlotte infrastructure.
Truncation: A method of rendering the full PAN unreadable by permanently removing a segment of the PAN data. Truncation relates to protection of PAN when stored on receipts or in files, databases, etc. Only the last 4 digits of the PAN should appear on a payment card transaction receipt.
Virtual Terminal: A web-browser-based access to an acquirer, processor, or third party service provider website to authorize payment card transactions, where the merchant manually enters payment card data on behalf of the customer, or provides the customer with computer/device access to the internet to enter their own card transaction data for processing. Unlike POS terminals, virtual payment terminals do not read data directly from a payment card. In addition, the web interface must be properly configured to secure the CHD; it must route the transaction through the designated approved PCI network and not onto the main network for the University.
Last Updated: January 7, 2022
eCommerce/Merchant Services Training
Initial eCommerce/Merchant Services Training is required under PCI DSS and the University’s Payment (Credit/Debit) Card Processing Procedures section IV. B. for all employees who will be interacting with payment card data, functions, or systems (e.g., credit and debit cards) as part of their job duties.
These training sessions are now available on demand. Email eCommerce@charlotte.edu to request this training for you or your employees. If you or another individual is responsible for recording daily Payment Book Receipts, email email@example.com to request access to the Deposit Training. Annual eCommerce/Merchant Services Training is required under PCI DSS and the University’s Payment (Credit/Debit) Card Processing Procedures for all campus merchants. The most recent annual training is available online. If applicable, you should have received an email from Canvas inviting you to view the course.
The University Security Awareness Training is also an important component of eCommerce training and is required for all University personnel that interface with card payments or card processing systems. The University Security Awareness Training is housed within the Learning and Development Portal. Guidance for accessing the training is located on the OneIT Information Security Education webpage and on the University FAQ site.
Contact Email: eCommerce@charlotte.edu
Last Updated: August 08, 2023
Edit Purchasing Card eForm
Purpose: Use this electronic form (eForm) to report purchasing card (p-card) account changes, e.g., legal name change, change organization and fund codes assigned to the card, change spend control profiles, or change the Reconciler or Approver. Use your UNC Charlotte login credentials to access this eForm. View these FAQs for more information on the p-card eForm.
Contact Email: firstname.lastname@example.org
Last Updated: October 5, 2021
Electronic Personnel Action Form
Electronic Personnel Action Form
Overview: This documentation focuses on entering EPAFs for Part Time Faculty, Special Payments, and Student workers.
- EPAF General Instructions (UPDATED: 10/5/2018)
- Hire Part Time Faculty – E50PTF (Includes instructions for E50CE – Continuing Ed)
- Hire Part Time EPA Staff – E50PTS
- Special Pay for Full Time Employee – E45SP
Last Updated: October 5, 2018
Electronic Receipt Book Request
Employee & Student Direct Pay Request (ESDPR)
Purpose: Use this form to process non-payroll payments to employees and students, which will mainly encompass reimbursements for expenses incurred by employees/students for university business purposes and which are not related to travel.
Payments that should not be processed on this form:
- For student scholarships and travel awards, process via the SEA (Student Educational Award) system.
- For travel reimbursements, process via a Travel Reimbursement & Expense Report (TRER) or Mileage & Transportation Reimbursement Form (MTR).
- For payments to vendors who are not employees and/or students and where a purchase order is not issued, process via 49er Mart using the eCR form.
- For payments to individuals for services, see How to Pay Individuals guidance and flowchart for additional information.
Sponsored guest payments should be submitted on an ESDPR.
Contact Email: email@example.com
Last Updated: September 14, 2023
Endowment Overview and Update Training
Purpose: To share the results of the annual spending calculation and to provide a high-level overview of the University’s endowment process. This is targeted to those who manage endowment funds for their department (typically business officers and business coordinators).
Last Updated: April 28, 2023
Entertainment Expenditure Form
Purpose: Complete this form when you incur costs of a personal nature with a valid business purpose when the activity is not directly related to a university program, formal workshop, conference, seminar, training session, or retreat. This form should accompany applicable 49er Mart payments [it does not need to be included with Employee & Student Direct Pay Requests (ESDPRs)].
Contact Email: firstname.lastname@example.org
Last Updated: August 1, 2022
ePrint User Guide
Purpose: This guide provides instructions for Banner ePrint features used in viewing and printing Banner financial reports on the web. Banner access is required to view reports on Banner ePrint. Adobe Acrobat® Reader and a NinerNET ID and password are needed to use Banner ePrint.
Last Updated: February 20, 2023