Standard for Card Not Present Payment Processing

Purpose

The purpose of this document is to establish requirements for UNC Charlotte employees and other authorized users regarding the acceptance of payment (credit/debit) cards for Card Not Present (CNP) payments (e.g., online, mail order, telephone). Adherence to this standard will help ensure that the University remains compliant with all University, State and Payment Card Industry (PCI) requirements.

Scope

This standard applies to all university employees, affiliates or authorized users who will be interacting with payment card data, functions or systems (e.g., credit and debit cards) as part of their job duties.

Contacts

Direct any general questions about this standard to the Office of the Bursar – Merchant Services at ecommerce@charlotte.edu.

Standard

Supported Payment Gateways

All internet based CNP transactions must be captured on approved web interfaces. Any newly established processing setup for internet based transactions must utilize a designated University payment gateway and platform. TouchNet Information Systems, Inc. and Bluefin Payment Systems, LLC are the approved gateways and online transaction platforms supported by the Office of the Bursar – Merchant Services.

Data Security

University academic and business units are prohibited from establishing websites to receive and/or process Cardholder Data (CHD) outside of the allowed eCommerce web infrastructure. Customer CHD must be entered or captured on approved third party hosted websites or payment gateway interfaces and not on University devices or network resources.

All data requested and collected through online shopping carts and web portals must comply with the Guideline for Data Handling.

Related Resources

• Guideline for Data Handling
• Guideline for Mail Order Payment Forms
• Guideline for Telephone Order Payments

Revision History

• Initially approved by the AVC for Finance on November 25, 2024