While it can be advantageous to accept credit card payment over the Web, it is also an area of great liability. To address this issue the University has implemented two available campus-wide credit card processing and e-commerce solution options. In early 2019 the PCI committee partnered with Arrow Payments to help bring all campus credit card processing under one umbrella. Arrow Payments offers PCI compliant solutions for both in person and online credit card transactions using Card Connect processing. The University will also continue to maintain the Touchnet Payment Gateway and Touchnet Marketplace as an option for online commerce. The Touchnet Marketplace solution offers the ability to set up a shopping cart store front or simply a payment processing gateway. Many departments have taken advantage of the features and flexibility of Touchnet Marketplace.
Visa, MasterCard and Discover have issued Payment Card Industry Data Security Standards (PCI DSS) that every merchant on the University campus must be in compliance with in order to continue to accept credit cards and avoid substantial fines and fees. The PCI data security standards are updated periodically. Arrow Payments/CardPointe and Touchnet Marketplace provide the University with a mechanism to meet these rigorous standards.
PCI DSS requires that anyone handling any card holder data should be cognizant of, familiar with and agree to adhere to the PCI DSS which can be found at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml. Please note that if you are taking credit card payments but not using e-commerce, PCI DSS still applies to you. Please review the PCI DSS requirements referenced above and be aware that anyone in your department who comes in contact with credit card information will need to verify their acceptance and adherence to PCI DSS on an annual basis. If you fall into this category, and have not yet received the attestation forms, please contact Liana Fox in cashiering at email@example.com.
The E-Commerce Policy, requires that all on campus e-commerce merchants use either Card Connect or Touchnet Marketplace. By requiring all e-commerce activity on campus to use these compliant solutions, we are limiting our risk of credit card fraud and reducing our costs associated with maintaining compliance.
Cashiering policies and procedures should be reviewed at http://www.wmich.edu/accounting-services/docs/ar_marketplace_request_form.pdf.