Full List of Resources

Purpose

The purpose of this document is to provide guidance in the usage of Card Present (CP) in person payment (credit/debit) card processing.

Scope

This guideline applies to all UNC Charlotte employees, affiliates and authorized users who will interact with payment card data, functions or systems as part of their job duties.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

Merchants must purchase, lease, rent or utilize a Payment Card Industry (PCI)-listed Point-to-Point Encryption (P2PE) solution from the Payment Card Security Standards Council (PCI SSC), obtained through or approved by Office of the Bursar – Merchant Services in conjunction with North Carolina Office of the State Controller (NC OSC) to accept CP payments. 

Complete the EC : POS Terminal Order Form to request the rental of an approved POS device to accept CP transactions.

Approved Equipment Exceptions

Departments requiring customized equipment for POS transactions must contact the Office of the Bursar – Merchant Services before such equipment is purchased, leased, rented or utilized. Merchant Services will work in conjunction with OneIT to review and approve special requests. Additional information and/or external consultation may be required. The requestor will bear all external costs related to the exception approval process. 

• Any device not part of a PCI-listed P2PE solution from the PCI SSC must be configured to process transaction data only through a cellular connection or on the segregated PCI network. University card processing through any device not part of a PCI-listed P2PE solution from the PCI SSC must not take place on the main University network. Merchants are responsible for ensuring that the proper configuration of network devices is in place. OneIT and Merchant Services will assist as needed.

Using Your Approved Equipment

Current procedures for acceptance of CP transactions must be followed. Those may be referenced in the UNC Charlotte: Merchant Training, or at the websites of participating card companies (e.g., Visa, MasterCard, and American Express).

Protecting Your POS Equipment

• POS terminals must be protected from tampering and tracked. 
• Physical access to and oversight of terminals shall be limited to personnel who have completed the merchant training requirements for card processing. 
• If terminals are customer-facing, they should be monitored while in use and secured when not in use. 
• Terminals must be inspected for tampering daily and reports associated with inspections must be returned to ecommerce@charlotte.edu monthly. 
• Any suspicious behavior or indications of device tampering or substitution must be reported to ecommerce@charlotte.edu.  
• If terminals fail and are replaced by the merchant through the merchant services provider, ecommerce@charlotte.edu must be notified. 
• The identity of any third party persons claiming to be repair or maintenance personnel must be verified prior to granting them access to modify or troubleshoot devices. 
• Merchant Services must be notified at ecommerce@charlotte.edu if third party persons are granted access to terminals.

Related Resources

• Standard for Card Present Payment Processing

Revision History

• Initially approved by the AVC for Finance on November 25, 2024

Purpose

The purpose of this document is to provide guidance in establishing and maintaining contracts with integrated third party service providers that integrate with or have access to modify any portion of the UNC Charlotte payment card environment.

Scope

This guideline applies to all university employees, affiliates and authorized users who plan to work with a third party that will be interacting with payment card data, functions, or systems (e.g., credit and debit cards) as part of their payment processing services through a University or affiliated entity merchant account.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

Before Contracting for Goods or Services

1. Contact Merchant Services: Prior to entering into any contract or purchasing specialized software, equipment or systems necessary for payment card processing, departments must contact the Office of the Bursar – Merchant Services. They will review customized processing applications for compliance with standards, guidelines, security measures, contract requirements and feasibility. 
2. Include Merchant Services in Request for Proposal (RFP): It is best practice to include the Office of the Bursar – Merchant Services in any formal RFP process involving payment acceptance.
3. Third-party Service Providers interacting with payment card data, functions or systems as a part of their payment processing services must provide proof of Payment Card Industry Data Security Standards (PCI DSS) compliance  and/or validation of payment software. Preferably, any third party that captures Cardholder Data (CHD) be a validated Level 1 Service Provider.
4. Departmental Collaboration: The Office of the Bursar – Merchant Services in conjunction with Materials Management, OneIT, the Office of Legal Affairs, the Internal Audit Department and the applicable computer support unit, will work with the department to ensure that processing standards, safeguarding measures and legal requirements are met.
5. OneIT Oversight: OneIT oversees data security governance, IT systems use, technology evaluation and recommendations and provides direction and support for the security and networking of campus infrastructure utilized for card processing systems. Submit any software and IT-related acquisition requests to OneIT for review before acquisition. OneIT will oversee the final approval, signature and execution of contracts and acquisitions involving technology.
6. Additional information and Costs: Additional information or external consultation may be required. The requestor will bear all costs related to the external review if required for the approval process.
7. Implementation of Approved Software/Equipment: Implement approved third-party software/equipment according to third-party guidelines. Modify default vendor passwords and settings to unique ones before installing the system on the University network or using it for card processing.

Contract Elements

Contracts and associated documentation must address these elements:

1. Compliance with the OneIT Standards and Guidelines; specifically:
   1. Standard  for Security Requirements of Information Systems, and the related Information Security Checklist
   2. Standard for Information Security related to Vendors and External Parties
2. PCI SSC Requirements: Compliance with all appropriate Payment Card Industry Security Standards Council (PCI SSC) requirements and their responsibility for specific PCI DSS requirements. If the vendor impacts the CHD  environment, they must address:
   1. Proof of PCI DSS compliance  and/or validation of payment software
   2. Specific elements of the PCI DSS for which they will be responsible and those for which the University will be responsible
   3. Documentation that clearly details where CHD is captured, information regarding integration with the designated gateway provider and linkage type, and specifies any outside entities’ applications or servers utilized
   4. Service level agreements
   5. Remote access and use of Multi Factor Authentication
   6. Protection of Personally Identifiable Information (PII)
   7. Data retention and destruction policies
   8. Liability
   9. Business continuity

A final copy of the executed contract must be emailed to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Related Resources

• Standard for Accepting Electronic Payments
• Standard for Information Security related to Vendors and External Parties
• Standard  for Security Requirements of Information Systems

Revision History

• Initially approved by the AVC for Finance on November 25, 2024

Purpose

The purpose of this document is to provide guidance for daily cash management of merchant accounts. 

Scope

This guideline applies to all UNC Charlotte employees, affiliates and authorized users who will interact with payment card data, functions or systems as part of their job duties.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

All merchants are subject to University Policy 602.4, University Receipts and Deposits and North Carolina law and policies. All departments or units issued a merchant account must:

• Daily Batching: Batch and transmit all POS terminal and internet transactions to the merchant card processor on a daily basis. Transactions should not be held more than 24 hours.
• Settlement Reports: Pull their own daily settlement reports. If the use of a generic merchant account is approved by Merchant Services, Merchant Services will provide the appropriate sales reports to the entity for reconciliation and deposit purposes.
• Reconciliation: Verify and reconcile all transactions on the settlement report to either the terminal settlement tape or the gateway report (e.g., TouchNet, Bluefin) and any third party reporting system(s) before submitting a deposit. Supervisors should review refunds, chargebacks, reversals and card fees at least monthly.
• Reporting Sales: Accurately report sales totals (net of refunds) by submitting a Payment Book Receipt (PBR) to the University Cashiers by 12:00 noon on the day that the settlement of funds is reflected in the banking settlement reports. This applies to card transactions debited or credited directly to the merchant account due to sales, chargebacks, retrievals, refunds, reversals or other activity.
  • Weekend or Holiday Transactions: Transactions that occur on Friday, Saturday, Sunday or holidays must be deposited to the University Cashiers on the next business day (usually Monday). 
  • Daily Deposits: Create a separate deposit for each day transactions occurred. 
  • Cashier Review: The Cashiers will review the deposit and inform the merchant of any discrepancies.
• Backup Documentation: Provide appropriate backup documentation to substantiate the deposit (i.e., a copy of the sales report from the card processor or a copy of the gateway batch totals settlement report, not detail). 
• Audit Retention: Retain the settlement tape from the POS terminal for audit purposes.
• Discrepancy Resolution: Resolve any discrepancies identified by the University Cashiers within 24 hours.
• Periodic Review: Periodically review Banner fund and account balances to ensure that they accurately reflect reported sales, refunds and fees.

Note that if they do not have an approved device to accept card present transactions at an event (in a face-to-face environment), a merchant must accept cash or checks and follow all cash handling procedures in University Policy 602.4, University Receipts and Deposits.

Related Resources

• Standard for Accepting Electronic Payments
• University Policy 602.4, University Receipts and Deposits

Revision History

• Initially approved by the AVC for Finance on November 25, 2024

Purpose

The purpose of this document is to provide guidance on establishing merchant accounts for accepting payment cards (credit and debit cards).

Scope

This guideline applies to all UNC Charlotte employees, affiliates and authorized users who will interact with payment card data, functions or systems as part of their job duties.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

To accept card payments, campus units (academic, administrative, organizations, affiliates and employees) must establish a merchant account through the North Carolina Office of the State Controller (NC OSC) via the Vice Chancellor for Business Affairs’ (VCBA) designee (Office of the Bursar – Merchant Services).

1. Consultation: Departments considering accepting card payments should first consult their division or college/administrative Business Officer.
2. Initial Interest Form: Complete the Initial Interest Form to determine if opening a new merchant account is appropriate.
3. Application: If opening a new merchant account is deemed feasible, complete the EC-Application to Process Payment Cards (EC-APP) located at path, S:\Campus Merchants\eCommerce Forms\EC-APP – Application to Process Payment Cards form, and submit it to ecommerce@charlotte.edu. The EC-APP must include:
   • The business need for accepting payment card transactions
   • Anticipated transaction volume
   • The proposed method for accepting card payments (e.g., online, in-person)
   • Signatures from the person responsible for managing the account, the Department Head and the division or college/administrative Business Officer
4. Review: The Office of the Bursar – Merchant Services will review submitted requests and consult with OneIT as needed. The review will assess feasibility, functionality, compliance and impact on business operations.
5. Approval: Upon approval, the Office of the Bursar – Merchant Services will work with the campus unit to determine the appropriate merchant account type, based on the intended card acceptance method:
   • Online (Card Not Present – CNP)
   • In-person (Card Present – CP)

If a separate merchant account is necessary, the Office of the Bursar – Merchant Services will establish it and submit orders for any necessary Point of Sale (POS) terminal equipment to be utilized through NC OSC.

Third party contracts associated with the request must comply with the Guideline for Contracting with Integrated Third Party Service Providers or the Guideline for Outsourced Payment Processing as applicable.

Related Resources

• Standard for Accepting Electronic Payments
• Guideline for Contracting with Integrated Third Party Service Providers
• Guideline for Outsourced Payment Processing

Revision History

• Initially approved by the AVC for Finance on November 25, 2024

Purpose

The purpose of this document is to provide guidance in the usage of mail order payment (credit/debit) card processing.

Scope

This guideline applies to all UNC Charlotte employees, affiliates and authorized users who will interact with payment card data, functions or systems as part of their job duties.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

Cardholder Data (CHD) through the Network (i.e., Email, Electronic Form) is Prohibited

If University staff receive an email containing CHD: 

• The CHD shall not be used to process the transaction 
• The email must be permanently deleted from the recipient’s mailbox 
• A new email must be created to reply to the sender with instructions on the proper procedures for submitting their card transaction for processing 
• Reply must not be used because the card information is not to be resent over the network

Obtain Approval to Receive Mail Order/Hard Copy Form

If acceptance of CHD via mail/hard copy is needed for business operations, approval must be requested and obtained through the Office of the Bursar – Merchant Services. A request including business justification must be submitted to ecommerce@charlotte.edu. The academic/business unit will be responsible for documenting internal processes to handle the CHD per Payment Card Industry Data Security Standards (PCI DSS) and the Standard for Handling Cardholder Data. 

• The CHD must be secured with access to it limited to only those individuals who have completed the merchant training requirements for card processing 
• The CHD must not be retained after authorization 
• The security code is not to be requested on any mailed in or hard copy forms

Handling Hard Copy/Physical Document Payments

Merchants approved to receive physical documents which contain the Primary Account Number (PAN) must ensure those documents are:

• Processed on approved devices as they are received
• Stored in a physically secure location until the transactions are processed, should there be any delay in processing
• Accessible only by staff who have completed the merchant training requirements for card processing
• Securely destroyed so that all CHD is rendered unreadable once the transaction is processed or documentation is no longer needed. At the time of disposal, all hard-copy materials containing the PAN and/or Sensitive Authentication Data (SAD) must be crosscut shredded, incinerated, or pulped so that the CHD is rendered incapable of being reproduced or retrieved. All disposal methods must meet or exceed the PCI DSS requirement for destruction.

Related Resources

• Standard for Card Not Present Payment Processing
• Standard for Handling Cardholder Data

Revision History

• Initially approved by the AVC for Finance on November 25, 2024

Purpose

The purpose of this document is to provide guidance on maintaining merchant accounts for accepting payment cards (credit and debit cards).

Scope

This guideline applies to all UNC Charlotte employees, affiliates and authorized users who will interact with payment card data, functions or systems as part of their job duties.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

All departments or units issued a merchant account will be required to:

• Disclose return, refund, and/or cancellation policies to the cardholder before the cardholder enters their card information for processing. Signs disclosing the policy must be clearly visible at the Point of Sale (POS) for Card Present (CP) transactions or on the website/online portal for Card Not Present (CNP) internet transactions.
• Follow the Standard for Handling Cardholder Data which includes reporting security incidents immediately.
• Reconcile transactions and settle sales electronically to the merchant services provider on a daily basis.
• Investigate and respond to disputes, retrievals, and chargebacks on a timely basis.
• Maintain adequate records of the sales transaction (i.e., daily sales totals, logs, etc.) in accordance with State record retention policies.
• Complete the EC-Merchant Agreement on an annual basis.
• Document their business processes for card processing on an annual basis or when significant changes occur to the card processing environment.
• Ensure staff meet merchant training requirements for card processing.
• Complete required Self-Assessment Questionnaires (SAQs), a reporting tool used by merchants and service providers to self-report their adherence to the Payment Card Industry Data Security Standards (PCI DSS), and associated validation documentation requirements. 
• Complete required Attestation of Compliance (AOC) with PCI DSS, which declares the accuracy and truthfulness of information provided in the SAQ. 

The Office of the Bursar – Merchant Services will review accounts periodically and reserves the right to close merchant accounts with extended periods of inactivity.

Related Resources

• Standard for Accepting Electronic Payments
• Standard for Handling Cardholder Data
• University Policy 605.3, Retention, Disposition, and Security of University Records

Revision History

• Initially approved by the AVC for Finance on November 25, 2024

Purpose

The purpose of this document is to provide guidance in establishing and maintaining contracts with third party service providers that provide payment (credit/debit) card processing on behalf of UNC Charlotte or its affiliates.

Scope

This guideline applies to all University employees, affiliates and authorized users who want to utilize a third party to accept payment cards from University customers without utilizing a University merchant account.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

To streamline the receipt of cash according to the University’s Cash Management Plan, the preferred method of payment card acceptance is through a University-owned merchant account. However, there may be instances when it is more efficient or effective to outsource payment card processing through a third party’s merchant account and receive proceeds through another method of payment.

Before Outsourcing Payment Card Processing

1. Contact Merchant Services: Prior to entering into any contract or purchasing specialized software, equipment or systems necessary for payment card processing, departments must contact the Office of the Bursar – Merchant Services. They will review customized processing applications for compliance with standards, guidelines, security measures, contract requirements and feasibility.
2. Include Merchant Services in Request for Proposal (RFP): It is best practice to include the Office of the Bursar – Merchant Services in any formal RFP process involving payment acceptance.
3. Third-party Service Providers: Any unit that wishes to utilize third party software that includes the outsourcing of its credit card transaction processing must request approval in writing to ecommerce@charlotte.edu and provide proof of the vendor’s Payment Card Industry Data Security Standards (PCI DSS) compliance and/or validation of payment software. It is preferred that any third party that captures Cardholder Data (CHD) utilize a validated Level 1 Service Provider. The vendor must assume full responsibility for all PCI DSS requirements and notify the University and/or its affiliates of any CHD security breaches.
4. Departmental Collaboration: The Office of the Bursar – Merchant Services in conjunction with Materials Management, OneIT, the Office of Legal Affairs, the Internal Audit Department and the applicable computer support unit, will work with the department to ensure that processing standards, safeguarding measures and legal requirements are met.
5. OneIT Oversight: OneIT oversees the governance of data security, use of IT systems, evaluation and recommendations of technologies, and provides direction and support for the security and networking of campus infrastructure utilized for card processing systems. Any software and IT-related acquisition request must be submitted to OneIT for review before the acquisition. OneIT will oversee the final approval, signature and execution of contracts and acquisitions involving technology.
6. Additional information and Costs: Additional information or external consultation may be required. The requestor will bear all costs related to the external review if required for the approval process.
7. Implementation of Approved Software/Equipment: Implement approved third-party software/equipment according to third-party guidelines. Modify default vendor passwords and settings to unique ones before installing the system on the University network or using it for card processing.

Contract Elements

Contracts and associated documentation must address these elements:

1. Compliance with the OneIT Standards and Guidelines; specifically:
   1. Standard  for Security Requirements of Information Systems, and the related Information Security Checklist
   2. Standard for Information Security related to Vendors and External Parties
2. PCI SSC Requirements: Compliance with all appropriate Payment Card Industry Security Standards Council (PCI SSC) requirements and their responsibility for all PCI DSS requirements. If CHD is captured on the vendor’s network, they must address:
   1. Proof of PCI DSS compliance and/or validation of payment software
   2. Specifying that they will be fully responsible for all elements of the PCI DSS
   3. Documentation that clearly details the flow of CHD and specifies any outside entities’ applications or servers utilized
   4. Service level agreements
   5. Remote access and use of Multi Factor Authentication
   6. Protection of Personally Identifiable Information (PII)
   7. Data retention and destruction policies
   8. Liability
   9. Business continuity

A final copy of the executed contract must be emailed to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Related Resources

• Standard for Accepting Electronic Payments
• Standard for Information Security related to Vendors and External Parties
• Standard  for Security Requirements of Information Systems
• University’s Cash Management Plan

Revision History

• Initially approved by the AVC for Finance on November 25, 2024

Purpose

The purpose of this document is to provide guidance on how to request  approval for an exception to the Standard for Accepting Electronic Payments.

Scope

This guideline applies to all UNC Charlotte employees, affiliates and authorized users who will interact with payment card data, functions or systems as part of their job duties.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

The University does not currently store, process, or transmit Cardholder Data (CHD) on the University’s network. Therefore, any changes to the University’s CHD Environment or exceptions to the Standard for Accepting Electronic Payments must be submitted in writing to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu for consideration, and approval by both the Vice Chancellor for Business Affairs (VCBA) and Chief Information Officer (CIO). 

Requests should include:

1. Business reason for the exception
2. Steps that will be taken to ensure compliance with Payment Card Industry Data Security Standards (PCI DSS) requirements
3. The date that the exception will no longer be needed

The Office of the Bursar – Merchant Services, in conjunction with OneIT, will work with the VCBA and the CIO to review the request. The final approval or denial will be made by the VCBA or their designee.

The University prohibits the use of virtual terminals on its merchant accounts. The University no longer utilizes analog fax machines, and digital fax machines are not an acceptable method to receive mail order forms. These types of exceptions significantly change the scope of the University’s PCI DSS compliance requirements and will not be approved. 

Exceptions Requiring UNC System Office Endorsement and OSC Approval

1. Merchant Accounts outside the Merchant Card Master Service Agreement (MSA)
   
   The University does not currently allow departments to open merchant accounts outside of the State’s MSA.
   
   According to NC Policy 500.2 – Statewide Accounting Policy – Master Services Agreement for Electronic Payments, State agencies (including universities) are required to use the State’s MSA unless an exemption, endorsed by the UNC System Office, is approved by the State Controller. However, according to NC G.S. 116-40.22(e) (Management Flexibility), the University is authorized to contract with service providers specializing in services offered to institutions of higher learning that offer systems or services under arrangements that provide for the receipt of funds electronically, provided the services are in compliance with the requirements of the payment industry security standards. 
   
   Departments requesting to establish a merchant account through any other financial institutions besides the University’s merchant services provider (e.g., Fiserv) must provide a written business case to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu detailing:
   • Why the exception is necessary, and 
   • Who will be responsible for managing and supporting the new merchant account system(s)
2. Exemption from the North Carolina (NC) G.S. 147-77 (Daily Deposit Act)
   
   The University does not currently have any departmental daily deposit exemptions.
   
   According to the NC Daily Deposit Act, all funds in the hands of any agency of the State collecting or receiving money belonging to the State of North Carolina, must deposit and record those funds with the State Treasurer, at noon, daily. However, according to NC G.S. 116-40.22(e) (Management Flexibility), the State Treasurer may exempt the applicability of the daily deposit requirement for any standard business process resulting in a delay in the University receiving the funds from a service provider, when the exemption is based upon an acceptable business case that demonstrates an overall efficiency to the University and State. Such a business case must first be endorsed by The University of North Carolina System Office before submission to the State Treasurer for consideration. 
   
   Departments requesting an exemption from the daily deposit requirement must provide a written business case to the Office of the Bursar at bursar@charlotte.edu detailing:
   • Why the exception is necessary, and 
   • How frequently money will be deposited with the State Treasurer

Related Resources

• Merchant Card Master Service Agreement
• NC G.S. 116-40.22(e) (Management Flexibility)
• NC G.S. 147-77 (Daily Deposit Act)
• NC Policy 500.2 – Statewide Accounting Policy – Master Services Agreement for Electronic Payments
• Standard for Accepting Electronic Payments

Revision History

• Initially approved by the AVC for Finance on November 25, 2024

Purpose

The purpose of this document is to provide guidance in the usage of telephone order payment (credit/debit) card processing.

Scope

This guideline applies to all UNC Charlotte employees, affiliates and authorized users who will interact with payment card data, functions or systems as part of their job duties.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

Obtain Approval to Accept Telephone Order Payments

If the acceptance of cardholder data (CHD) via telephone order is needed for business operations, approval must be requested and obtained through the Office of the Bursar – Merchant Services. A request including business justification must be submitted to ecommerce@charlotte.edu.  Any voice over IP solutions must be hosted by a third party service provider who can provide proof of Payment Card Industry Data Security Standards (PCI DSS) compliance. CHD must not interface with the University network.

Physical University Phone, or other PCI Compliant Solution, is Required

Card Not Present (CNP) payments must not be accepted over the Zoom desktop client or mobile app installed on a University device connected to the University’s network. The Zoom application is not a certified PCI compliant solution. Once approved, merchants should retain or acquire a physical Zoom phone from OneIT by contacting zoom-phone-group@charlotte.edu before accepting payments over the phone.

Personal Mobile Devices are Prohibited from Accepting Telephone Orders

CNP payments must not be accepted over personal mobile devices or the Zoom mobile app installed on a personal mobile device. Your personal mobile device is not a certified PCI compliant solution. Merchants who receive calls after-hours or off-site on a personal mobile device should direct customers to their physical Zoom phone line or send the customer a link to their secure online payment platform. 

Handling Telephone Order Payments

Merchants approved to receive telephone order payments must ensure those payments are:

• Processed on approved devices as they are received (i.e., CHD should not be written down and never entered into a University device for processing later)
• Entered only by staff that have completed the merchant training requirements for card processing

Related Resources

• Standard for Card Not Present Payment Processing
• Standard for Handling Cardholder Data

Revision History

• Initially approved by the AVC for Finance on November 25, 2024

Purpose

The purpose of this document is to provide guidance for third party merchants, including student organizations, who accept payment (credit/debit) cards on behalf of the UNC Charlotte or on University property. Adherence to this standard will help ensure that the University is doing business with third party merchants who are compliant with Payment Card Industry Data Security Standard (PCI DSS) requirements.

Scope

This guideline applies to all third parties authorized to do business on behalf of or on University property who will be interacting with payment card data, functions, or systems as part of their job duties.

Contacts

Direct general questions about this guideline to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Guidelines

Obtain Prior Approval(s)

Third parties, including student organizations, may not process payment cards on behalf of the University or on University property without proof of PCI DSS compliance and prior approval from their division or college/administrative Business Officer and authorization from the Vice Chancellor for Business Affairs’ (VCBA) designee (i.e., Office of the Bursar – Merchant Services). All third parties should coordinate their activity with relevant campus merchants prior to conducting business, regardless of the method of payment.

• All student organizations must be approved by the SGA Senate and abide by the Student Organization Handbook. 
• All dining or vending related activities (e.g., food trucks, delivery robots, etc.) must be approved  through the food service company under contract to the University in accordance with the Food Service Policy. Visit Auxiliary Services – Catering and submit a Food Service Waiver Form.
• All transportation related activities (e.g., scooters, bike rental) must be approved  through Parking and Transportation Services.
• All space reservations must be approved through the Conference, Reservations, and Event Services (CRES) Office, in accordance with the University’s Policy on Use of University Space.  
• All alumni related activities should be coordinated through the Office of Alumni Engagement.
• All gifts, donations, or sponsorships must be approved through University Advancement before acceptance of those monies.
• All athletic related activities (including camps and clinics) must be approved by the Division of Athletics. All University-sponsored programs involving non-student minors (including athletics camps sponsored by University coaches) must report their program to the Office of Risk Management and Insurance (RMI) at least two weeks prior to the program beginning. 

Card Present (CP) Transactions on Campus

Transactions must not be processed over the University’s wired or wireless network. They may only be processed on cellular devices that do not interface with the University network or over networks provided and managed by the third party.

Online Payment Processing

If a student organization website is hosted on a University server, it is prohibited from linking out for payment processing. 

Externally hosted (i.e., not hosted at/or by the University) student organization web pages that include payment processing, must have a visible disclaimer readily viewable on the site stating that the site is not the University or a part of it. Please see below for an example disclaimer:

This is not a University of North Carolina at Charlotte (“University”) website. This registration and payment portal is administered by a third party payment processor (“Payment Processor”). The Payment Processor is responsible for the security and system availability of the payment portal. The University does not endorse, recommend, guarantee, control, or accept responsibility for any product or service made available by Payment Processor. The presence of a link to the Payment Processor’s website does not imply any affiliation, endorsement, approval, or verification by the University.

You understand that the Payment Processor’s website may contain terms and privacy policies that are different from the University’s terms and policies. You should review these provisions to ensure that you understand them, and to determine whether the website is suitable for you. The University does not review, and is not responsible for, these provisions.

The University will not be liable for any losses arising from or in connection with any errors or omissions with respect to payments processed by the Payment Processor, or any fees or charges imposed by the Payment Processor. 

Related Resources

• Standard for Accepting Electronic Payments
• Student Organization Handbook
• University Policy 601.6, Use of University Space
• University Policy 709, Food Service Policy

Revision History

• Initially approved by the AVC for Finance on November 25, 2024

Payment method

The preferred method for prepaying for hotel and lodging expenses associated with University-related travel is to use a University-issued Purchasing Card (P-card). A Travel Reimbursement and Expense Report can also be submitted.

Refer to University Policy 601.8, Appropriate Use of University Funds, to confirm if this is a permissible use of funds for your area.

Rationale and other considerations

Hotel expenses (room, tax, and business-related internet service) are allowable on a P-card. If the employee is combining business and personal activities in the same trip, only the expense related to the business portion of the trip is allowable. Refer to the Travel Manual for additional information (link provided below).

Charlotte-area hotel/lodging may only be purchased for non-UNC Charlotte employees.

How to do it

1. Complete a Travel Authorization form and obtain supervisor approval (additional special fund approval may be required, such as Grants & Contracts Administration or Treasury Services).
2. Upon approval of the Travel Authorization form, the traveler or their designee may then pay for the lodging using a P-card. When using the P-card for travel expenses, follow the guidelines and processes identified in the Travel Manual (link provided below).

questions?

Email the Travel Office at travel@charlotte.edu.

Last updated 12/22/2016; 7/10/2017

Last Updated: January 23, 2024

Purpose: For instructions on how to establish or change direct deposit information online, see this FAQ.

Last Updated: January 23, 2024

To request a payment to an individual, it is important to address two questions:

1. What is the purpose of the payment?
2. Is the individual currently employed by the University?

Click on the summarized flowchart below for additional guidance in selecting the appropriate payment method (guidance on paying students is also available):

Click the image below to enlarge:

Rationale and other considerations:

It’s important to keep in mind that the name given to the payment by the payer is not controlling. Misclassification of payments can lead to incorrect tax withholding and reporting.

Sponsored guest payments should be submitted on an Employee and Student Direct Pay Request (ESDPR).

Last Updated: September 14, 2023

UNC Charlotte pays students for a variety of purposes. Most payments to students (besides government aid that is processed through Financial Aid) should either be classified as educational awards (namely scholarships/ fellowships) or compensation. On occasion, students will receive business expense payments (namely reimbursements or non-educational awards/prizes). Click on the summarized flowchart below for additional guidance in selecting the appropriate payment method:

Click the image below to enlarge:

Rationale and other considerations:

It’s important to keep in mind that the name given to the payment by the payer is not controlling. For example, a payment described as a “scholarship” that requires services to be performed is, in actuality, compensation and is subject to applicable payroll taxes. Misclassification of payments can lead to incorrect tax withholding and reporting.

Last updated: 10/28/16, 6/17/19, 8/13/19, 8/25/20, 10/13/21

Last Updated: October 13, 2021

The Financial Transaction Request (FTR) Wire Transfer eForm can be used to generate Wire Transfer transactions when an ACH payment or check is not acceptable. It may also be used to send payment in foreign currencies. Please make sure the fund and account number(s) you are using is/are an accurate representation of the transaction. Financial Services reserves the right to correct any inaccurate account numbers.

Finance Transaction Request Info:
The Transaction Type you select is: Wire Transfer

*NOTE: The physical appearance of the FTR form will automatically change based on the Transaction Type selected. Therefore, it is important to complete this section first.

Wire Type – Choose either International for wires being sent outside of the US or Domestic for wires sent within the US.

Confirm the Dept. Approver 800#. This field is auto-populated with the 800# of the Preparer’s direct supervisor; it may be changed if a more appropriate ‘Approver’ exists. If you don’t know the 800# you can begin entering the name in the field and a list will appear to choose from.

Add Add’l Approver (Optional). If desired, click and fill-in an additional 800# to receive the transaction for approval. If you don’t know the 800# you can begin entering the name in the field and a list will appear to choose from.

Transaction Type Info:
Index/Fund & Account – Each line must be coded with a six-digit INDEX/FUND code and a six digit ACCOUNT code. To determine the Banner Fund Code use Banner form FTVFUND. To determine the Banner Account Codes use Banner form FTVACCT and consult the Expense Account Code List maintained by Reporting & Fixed Assets.
*NOTE: AN INVALID INDEX/FUND WILL INVALIDATE THE ENTIRE SUBMISSION.

Description – Each line must contain a description. The description can be up to 35 characters long.

Payment and Beneficiary Details:

Type of Currency – For International wires, choose the type of currency for the wire being sent, i.e. Euro, USD, etc.

Beneficiary Name – This is the name of the person or business receiving the wire. This must match the name on the bank account you are using.

Beneficiary Address – Please provide the address of the business or person receiving the wire.

Routing Number (for Domestic Wires) – This is the bank identifier and should be 9 numbers long.

Account Number/IBAN – For International wires, the IBAN normally begins with two letters followed by a string of numbers. Some International accounts do not use IBAN but may use just an account number.

SWIFT Number (for International Wires) – This is the bank identifier and may be just letters or a combination of letters and numbers.

Bank Name – Name of the bank receiving the wire.

Bank Address – Address of the bank receiving the wire.

Payment Explanation for Beneficiary – This should be an explanation the wire recipient will be able to use to identify the purpose of the payment. You can use an invoice number or a description such as “Registration for Math Conference for John Doe.” Some banks require a stated purpose for the wire and that may be included in this explanation.

How to find the transaction in Banner:

The transaction will appear as a book disbursement, created by General Accounting, in Banner. This is a JCD rule code and the document number will begin with the letter “D.” The wire information and backup will be attached to the book disbursement in Perceptive Content.

If this payment is related to a Travel Authorization (TA), list the book disbursement document number on your TA.

Last Updated: August 18, 2022

When a department needs to return an item procured through 49er Mart on a purchase order, several key steps should occur to ensure the return is properly processed. Please refer to the flowchart below for guidance on the returned goods process.

Click on the image below to enlarge:

For additional information, refer to the 49er Mart Canvas training, or contact your department’s Purchasing Agent.

Last Updated: September 14, 2018

Definition

Human subject payments are defined as payments of cash (including cash equivalents/gift cards) or tangible personal property as incentives to individuals (subjects) for their participation and time commitment in a clinical trial, survey, or research study. Please refer to the Office of Research Protections and Integrity (ORPI) Human Subjects webpage for detailed requirements for research studies that involve human subjects at UNC Charlotte.

Payment Methods

49er Mart or purchasing cards (p-cards): Can be used to purchase any items of tangible personal property, such as pens, books, candy. P-cards can be used to purchase gift cards. (refer to the Gift Cards/Gift Certificates, How to Pay guide; link in the table below). Note that gift cards are considered cash equivalents. Electronic check requests (eCRs) can also be used to issue payment directly to a recipient who is not a student or employee. The recipient must be set up as a vendor before initiating the eCR.

Petty cash: May be used for payments up to $100 per individual, per study.

• To open a petty cash fund for a specific research study, complete a Petty Cash Fund Request Form, which must be approved by the Office of Research Protections and Integrity (ORPI) before being routed to the General Accounting office for approval. ORPI will confirm that cash was listed as the compensation method on the study’s approved IRB proposal.
  • Petty cash for research studies must be initially funded through a non-grant fund (as grant funds cannot be used for advances, including to advance petty cash). Once the research study is complete and petty cash is no longer needed, the department must complete a Petty Cash Fund Request Form to close the fund. Once the petty cash fund is closed, any petty cash used for the research study can be reimbursed via grant funds by submitting a reimbursement request via an FTR form. For questions about this process, please contact Grants & Contracts Administration.
• Petty Cash Custodians must review the Petty Cash/Change Fund Procedures prior to receiving a petty cash fund. Note that reconciliation of funds is required to be sent to the General Accounting office on a monthly basis.
• Petty cash funds can have a maximum balance of $5,000. Any requests for more than $5,000 must be approved by the Vice Chancellor for Research or delegate and the University Controller.
• Requests for amounts greater than $250 should be sent at least five (5) business days in advance to allow time for the cash on hand to be requested.

Employee/Student Direct Pay Request (ESDPR): May be used when a check/direct deposit to an employee or student recipient is desired. Download an ESDPR form and complete according to the form instructions. Note that payments must be issued directly to the recipient; cash cannot be issued to administrative personnel for further distribution.

Rationale and Other Considerations

Regardless of the payment method chosen, tax reporting requirements must be met:

• Each college/department is responsible for tracking the total amount of human subject payments that each payee has received during a calendar year unless it is unreasonable or impractical to do so.
• Refer to the flowchart below for tax reporting required depending on the target study population, incentive amount, and recipient classification. Recipient classification information is also summarized below.

Click on the image below to enlarge:

Recipient classification and Tax Reporting Requirements:

• Employees: All cash incentives, including gift cards, of any amount given to employees (including student employees) are reportable on the employee’s Form W-2 and subject to federal and state income taxes.
  • If UNC Charlotte employees are targeted in the research study, then any cash incentives (including gift cards) given to employees are taxable/tax reportable to the recipients as employees, regardless of amount.
  • If the target study population is NOT specifically UNC Charlotte employees, nor is it advertised directly to UNC Charlotte employees by themselves, then incentives paid can be considered as unrelated to the recipient’s employment at UNC Charlotte. If the principal investigators (PI)/research administrators will not be checking recipient status (employee v. non-employee), to mitigate risk, these incentives should be limited to $100 or less. Payments are subject to the non-employee reporting requirements.
• Non-employees: If combined payments to a non-employee total $600 or greater in a calendar year, the total amount given is reportable on Form 1099-MISC reporting.
• Foreign nationals: Prior to making a payment of any amount to a foreign national/non-U.S. resident, contact the Tax Office, as tax reporting (on Form 1042-S) and withholding are required.

Questions?

Refer to the Tax Office and the Office of Research Protections and Integrity contacts.

Last updated: 5/02/2018, 7/30/19, 8/5/19, 7/01/21, 10/22/24

Last Updated: October 25, 2024

Last Updated: September 23, 2021

Imaging Document Submission (IDS) TCP Invoices eForm

Purpose: Use this form to upload documents to a department’s drawer within the Imaging System. See the IDS manual for more information.