|Policy Approval Authority
|Division of Administration and Finance
|Associate Vice President Finance and Treasury
|Last Review Date
Finance / Risk Management
Northern Illinois University (NIU) Merchant Services is managed in Finance and Treasury within the Division of Administration and Finance. Finance and Treasury coordinates payment card acceptance for the university. Payment card acceptance includes MasterCard, VISA, Discover, and American Express credit cards as well as bank-issued debit cards. Finance and Treasury is responsible for overseeing and approving all payment card processing. In addition, the department acts as the liaison between university merchant departments who process payment card transactions for the sale of goods and/or services and the university’s payment card processors. Methods for processing payment card transactions include point-of-sale terminals, internet e-commerce solutions, and various third-party software applications.
Any NIU employee, contractor, consultant or agent who, in the course of doing business on behalf of NIU, is involved in the acceptance of credit card data, handles cardholder data, and/or is involved in the acceptance of electronic payments is subject to this policy.
Finance and Treasury and the Office of Information Security manage the university’s Payment Card Industry Data Security Standard (PCI DSS) compliance program, consult with prospective and existing merchant departments, set up new campus merchants, provide guidance, training and troubleshooting assistance related to payment card processing, offer security awareness training which includes best practice recommendations in protecting sensitive data, and monitor adherence with the Payment Card Merchant Security Policy. Campus credit card merchants must comply with PCI DSS, complete annual self-assessment questionnaires, and attest to their PCI DSS compliance each year. Merchants shall be responsible for costs associated with PCI DSS compliance as well as any fines or other fees associated with their non-compliance. All NIU employees working with credit cards must read and abide by to the conditions of this policy.
Approval from Finance and Treasury or its designee is required before a credit card merchant account can be established. Departments must inform Finance and Treasury of their need to become a merchant, complete a Merchant Request form, and return it to Finance and Treasury for review and approval prior to engaging in any credit card merchant activity. Those departments wishing to use e-commerce solutions must undergo a Credit Card Merchant Security Assessment conducted by the Division of Information Technology’s Office of Information Security prior to the purchase of third-party software or engaging in any contractual services.
Any technology-based equipment used in the processing of card and/or electronic payment transactions will be designated as an asset of the merchant department under the custodianship of the responsible officer for property control. Additionally, while a department may maintain local administrative rights to specific servers and processing equipment, an administrative account will be configured for central IT support.
Departments not complying with approved safeguarding, storage, processing, transmitting and administrative procedures put the University assets and reputation at risk. Departments failing to comply with this policy may lose the privilege to serve as a credit card merchant.