NIU Merchant Services is a unit of Treasury Operations within the Division of Finance and Facilities. NIU Merchant Services coordinates payment card acceptance for the University. Payment card acceptance includes MasterCard, VISA, Discover and American Express credit cards, and debit cards. NIU Merchant Services is responsible for overseeing and approving all payment card processing. More specifically, NIU Merchant Services acts as the liaison between University merchant departments who process payment card transactions for the sale of goods and/or services and the University’s payment card processors. Methods for processing payment card transactions include point-of-sale card swipe terminals, internet e-commerce solutions, and various third-party software applications.
In addition, NIU Merchant Services manages the University’s Payment Card Industry Data Security Standard (PCI DSS) compliance program, consults with prospective and existing merchant departments, sets up new campus merchants, provides guidance, training and troubleshooting assistance related to payment card processing, offers awareness training which includes best practice recommendations in protecting sensitive data, and monitors adherence with the University’s Payment Card Merchant Security Policy. Campus credit card merchants must comply with Payment Card Industry Data Security Standards, must complete annual self-assessment questionnaires, and must attest to their PCI DSS compliance. Merchants shall be responsible for costs associated with PCI DSS compliance as well as any fines or other fees associated with their non-compliance. All Northern Illinois University employees working with credit cards must read and agree to the conditions of this policy.
Approval from NIU Merchant Services is required before a credit card merchant account can be established. Departments must inform NIU Merchant Services of their need to become a merchant, and complete a Merchant Request form and return it to Treasury Operations for review and approval prior to engaging in any activity. Those departments wishing to use e-commerce solutions must undergo a Credit Card Merchant Security Assessment conducted by ITS prior to the purchase of third party software or engaging in any contractual services. Departments not complying with approved safeguarding, storage, processing, transmitting and administrative procedures will lose the privilege to serve as a credit card merchant.
Any technology based equipment used in the processing of card and/or electronic payment transactions will be designated as an asset of NIU Merchant services. Additionally, while a department may maintain local administrative rights to specific servers and processing equipment, an administrative account will be configured for central IT support.
Any NIU employee, contractor, consultant or agent who, in the course of doing business on behalf of the University, is involved in the acceptance of credit card data, handles cardholder data information, and/or is involved in the acceptance of electronic payments is subject to this policy.
I. Maintain and Test a Secure Network
II. Protect Cardholder Data
III. Maintain a Vulnerability Management Program
IV. Implement Strong Access Control Measures
V. Maintain an Information Security Policy
I have read the above and understand Northern Illinois University's Payment Card Merchant Security Policy.
Printed Name: ________________________________________________________
Merchant or Department Name: _________________________________________
Supervisor’s Signature: _______________________________________________
Please return this completed page to Treasury Operations. You may keep a copy for your file.
For more information on PCI DSS, NIU Merchant Services, and Information Security, please review the following links: