Wake Forest accepts credit and debit card payments (MasterCard, Visa, Discover and American Express) for non-student account related transactions. Typically, these payments are for conferences, workshops, services, educational materials, etc.
Wake Forest University is required by the credit card associations to be compliant with the Payment Card Industry Data Security Standards (PCIDSS), and is committed to providing a secure environment for our customers to protect against both loss and fraud. University merchants comply with these standards by securely processing, storing, transmitting and disposing of cardholder data.
Due to the complexities and security requirements associated with the acceptance of payment cards, please contact Financial Services well in advance of needing to accept card payments.
For questions relating to payment card acceptance, merchant accounts, or accounting, contact Karen Hunter in Financial Services .
For questions relating to the University Payment Card Compliance Committee or equipment and software, contact Information Security.
For questions relating Verifone terminal issues, contact the TSYS Technical Support Help Desk at the number listed on your terminal or 800.552.8227, option 1. Be sure to have your Merchant ID and Terminal ID ready (both are found on the side of your Verifone terminals).
If there is concern that a card or card sales is suspicious, contact American Express at 800.528.2121 or all the other card brands at 800.291.4840. Be sure to have your Merchant ID ready and reference the term ‘Code 10’.
The files associated with the processes to Accept Payment Cards are accessible to WFU users via Google Drive. If you are not signed in to Google, you will be asked to sign in with your Wake Forest username and password prior to accessing related files.
BB&T Merchant Connection is the reporting service from BB&T, which is the University’s standard payment card processor. Authorization logs are real-time. Standard financial reports for the prior day are available each day at 9am. Only one merchant account can be accessed at a time.
Commerce Manager is the standard payment gateway for e-commerce transactions throughout campus. Several resources are available to learn about using the system:
The User’s Guide (PDF) should also be used to guide the integration between departmental, event or conference websites and the Commerce Manager payment pages. Supplemental interfacing information is also available from Information Security.
IMPORTANT! Departments are responsible for obtaining all resources in order to build their own departmental, event or conference websites and integrating them with Commerce Manager.
Financial Services has cellular / wireless payment (credit and debit) card machines which can be used by any Wake Forest University department, organization or affiliate holding an authorized University event. To get started, read the rental instructions.
Prior to submitting a request, it is important that you familiarize yourself with the Payment Card Acceptance Merchant Procedures, especially if this is going to be the first time you are using one of our standby accounts.
IMPORTANT! In the event that the terminal is stolen or there is a suspicion of a loss of data due to a security breach (e.g. suspected virus infection or unusual activity on the terminal), immediately report the concern to Information Security. Financial & Accounting Services and Information Security will assess the situation and invoke the necessary incident response plan.
Departments are responsible for making all deposits relating to payment cards. Regardless of the way payment cards are accepted (Commerce Manager, physical terminals, etc.), a settlement report should be printed showing the breakdown by card type (e.g. Master Card, Visa, Discover, or American Express). Attach this settlement report to the deposit form, which should also have the amounts broken down by card type. For more information, please review to the Departmental Deposit Quick Guide (PDF) and Departmental Deposit Administrative Policy (PDF).
|Can a University department accept credit and debit cards as a form of payment?||Yes. University departments that provide goods and services to its customers and accept credit cards as an appropriate form of payment. Many University departments have been set up with credit card merchant accounts via several different approved mediums (e.g. terminals, e-commerce applications, etc.). Complete the ‘Merchant Request To Process Payment Cards Application’ form to get started.||Merchant Request to Process Payment Cards Application Form|
|What are the approved methods for accepting card payments?||Approved departments may take card payments via mail order, telephone, payment terminal, POS system or e commerce application. A fax machine may also be used for payment card orders but the department must operate a stand alone fax machine connected via an analog line only. Multifunctional devices (i.e. Xerox copiers) are not be used for receiving any payment card information. The stand alone fax machine must be located in a secure area away from public traffic.|
|How long does the process take to get my merchant number and my equipment?||It usually takes between 2-3 weeks to get your merchant number and equipment.|
|What type of payment cards can I accept?||There are several types of cards that you may be set up to accept. Credit Card: Cards that are associated with a line of credit. These cards include Visa, MasterCard, Discover and American Express. Debit Card: Cards that are associated with a depository account rather than a line of credit. These Cards can be PIN-based, Signature-based or a combination of the two. Signature-based debit cards are processed just like a credit card, however, PIN-based cards require the cardholder to enter a PIN number through a PIN pad either integrated or attached to your point-of-sale solution.|
|Who is the University’s approved payment processor?||The University has contracted with Elavon to be the University’s approved payment processor. By centralizing all merchant accounts (and their related transactions) with Elavon, the University is able to achieve lower fees for all campus merchants. Elavon’s online system, called Merchant Connect, allows merchants to have detailed transaction reporting about all of their card payments, among other features.|
|What is the University’s approved e-commerce payment gateway?||The University has contracted with Nelnet Business Solutions to provide their Commerce Manager application for online card payments. Commerce Manager is a PCIDSS compliant application and can be integrated with WFU-developed web sites for events, conferences, etc. Commerce Manager usage fees are passed onto the merchant’s sponsoring department by Financial & Accounting Services.|
|Can I receive assistance building a front-end web site that integrates into Nelnet’s Commerce Manager?||Web site development and integration is the responsibility of the merchant’s department. There are integration guides and instructions that can be followed to ensure your site follows best practices. Information Security will want to review the integration prior to go-live.|
|Can I request a loaner card terminal?||If you do not have a merchant account but have infrequent events or other occasional needs for a terminal machine, then you can arrange to have a terminal reserved for your event. There is a rental fee associated with using the terminal. Refer to the rental instructions for more information.||Wireless Payment Card Machine Rental Instructions|
|My department is an existing merchant and considering a new software application that will accept credit cards as payment for an event or service. How should I proceed?||All new software applications being considered by campus departments must go through a technology evaluation and security review. Complete the ‘Merchant Request To Change Or Terminate Payment Cards Application’ form.||Merchant Request to Change or Terminate Payment Cards Application Form|
|Can a department accept donations through an existing or new credit card merchant account?||All fundraising should be coordinated through the University Advancement. University Advancement can discuss the options available with the department wishing to accept donations, regardless of payment method.|
|Can PayPal be used to accept payment?||No, it is not an approved method to accept payments.|
|Is Square an approved hardware device?||No, Square and other similar hardware for mobile devices is not an approved method to accept payments.|
|How should receipts, reports or other materials containing cardholder data be stored?||Store all materials containing cardholder account information in a restricted / secure area. In addition, these materials should be kept in a locked file cabinet, safe, or other secure storage location.|
|May I create a document containing cardholder data on my computer?||No. Creating a document, even though it may not be saved on the computer, will create temporary copies of the cardholder data on the computer.|
|May I take cardholder data via email for a campus service or event?||No. Cardholder data should never be sent, received or stored via email systems due to security concerns.|
|My customers send me credit card information over email. What should I do?||Educate your customers about the dangers of using email to conduct financial transactions. As a merchants, you should not process payment card transactions when the information has been provided over email. Additionally, never respond to your customers by including their original email without first deleting or truncating credit card numbers and deleting CVC codes.|
|Can I set minimum purchase amounts?||Yes, a purchase minimum can be set and it cannot exceed $10.|
|How long do I need to keep my credit card receipts?||A merchant is required to retain legible copies of sales receipts for up to 24 months in order to satisfy any disputes/chargebacks. These receipts should be kept in a locked file cabinet or safe. After the 24 month period has expired, the sales receipts should be shredded in order to protect cardholder information.|
|What is a Copy Request and Chargeback?||A merchant may receive a Copy Request notice asking to provide a copy of the original sales slip for a particular transaction if the cardholder is disputing the charge. Copy requests must be acted on within two days, and if ignored, can lead to chargebacks. A chargeback is the deduction of a disputed sale previously credited to a merchant department’s account when the merchant department fails to prove that the customer authorized the credit card transaction.|
|Should a Merchant provide a cash refund for a transaction that was originally with a credit card?||No. The card associations do not normally permit cash refunds for any credit card transactions. The only exception to this rule is if the transaction was with a prepaid card (e.g. Visa or Mastercard gift card) and the cardholder has discarded this card; in this case, you may give a cash refund.|
|What are the rules for processing credit refunds?||A Merchant should not process a credit transaction without having completed a previous debit transaction with the same cardholder and the same credit card.|
|Is there a reporting system that I can have access to in order to view payment card transactions made on my merchant account?||You would need to setup a Merchant Connect account at https://www.merchantconnect.com. Please contact Karen Hunter in Financial & Accounting Services (firstname.lastname@example.org or x6089) with any questions about that process.||MerchantConnect Basic Demo|
|I have new or exiting staff. How do I authorize or remove merchant user authorization?||Contact Karen Hunter in Financial and Accounting Services at email@example.com or x6089 to update merchant authorized users. If an update to one of the three procedurally required roles (Fiscal Officer, Operations Manager or Dispute Resolution Contact) is changing, please complete the ‘Merchant Request To Change Or Terminate Payment Cards Application’ form.||Merchant Request to Change or Terminate Payment Cards Application Form|
|When should I not honor a card?||You must not honor any card if: The card has expired; The signature on the transaction receipt does not correspond with the signature on the card or if the signature panel on the card is blank, or uses language to the effect of “see id”; The account number embossed on the card does not match the account number on the card’s magnetic stripe. If you still suspect fraud or are suspicious of the transaction or the cardholder, you may perform a Code 10 Authorization. If you still suspect fraud or are suspicious of the transaction or the cardholder, you may perform a Code 10 Authorization.|
|What is Code 10?||Code 10 is a term used by the Card Associations to refer to suspicious or questionable transactions, cards, or cardholders. If you are suspicious of a card transaction, contact your Voice Authorization Center and request a Code 10 authorization. Using the term “Code 10” allows you to call the Voice Authorization Center to question the transaction without alerting the cardholder. Follow the instructions given to you on how to proceed to minimize any discomfort between you and the cardholder.|
|What should we do if we suspect a breach of payment card or personal information (sensitive information)?||If at any time a merchant department suspects a breach or compromise of any payment information or related data (e.g. suspected virus infection or unusual activity on a device used for processing payments), that merchant must report the event immediately to Financial and Accounting Services and Information Security via firstname.lastname@example.org. Financial and Accounting Services and Information Security will assess the situation and invoke the necessary incident response plan.|
|What is PCIDSS?||PCIDSS stands for Payment Card Industry Data Security Standard. While not government mandated, the University is contractually obligated to follow the standards. The PCIDSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCIDSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.|
|What is cardholder data?||Includes the following card attributes:
• Primary Account Number (PAN) – The payment card number (credit or debit) that identifies the issuer and the particular cardholder account. It is also called the Account Number.
• Cardholder Name
• Expiration Date
• Service Code
The PAN is the defining factor for cardholder data. If cardholder name, service code, and/or expiration date are stored, processed or transmitted with the PAN, or are otherwise present in the cardholder data environment, they must be protected in accordance with applicable PCIDSS requirements.
|What is a Merchant Account ID?||In order to accept card payments, you need to have a merchant account. In order to take credit card payments over the web, you will need a merchant account that is specifically meant for e-commerce based transactions. You may already have a merchant account for handling your phone / fax orders, but you will need a new one to do e-commerce business. Completing the ‘Merchant Request To Process Payment Cards Application’ form will allow Financial & Accounting Services to set up a merchant account for you.||Merchant Request to Process Payment Cards Application Form|
|What is authorization?||You must request authorization from the issuer to accept a card for payment. You must obtain an authorization code before completing any transaction. An authorization request is made via one of the following two methods: Electronic Authorization: Swipe a card through or manually enter a card number into a POS device. Then, the POS device sends the transaction information electronically to the issuer for authorization. Voice Authorization: Call the Voice Authorization Center, which then communicates the transaction information electronically to the issuer. An operator or an Interactive Voice Response (IVR) unit will provide you with the authorization code given by the issuer.|
|What is Interchange?||When you settle your transactions each day, Elavon’s network routes them to the respective Card Associations (Visa, MasterCard, Discover) and debit networks through Interchange. Every transaction is assigned an Interchange category based on card type (credit, debit, rewards, purchasing) industry type (retail, e-commerce, etc) and qualification elements (swiped card, key entered, etc). Interchange is the system where transactions are submitted for payment from the Acquirer or Merchant Processor to the Card Issuer or Debit Network. The Card Associations and Debit Networks establish the rules and manage the Interchange of all transactions. Interchange also represents the fees paid by the merchant acquirer to the Card Issuer. Fees depend upon the Interchange Qualification that is assigned to each transaction by the associations for processing transactions. These fees are paid at the time the transaction is exchanged and vary based on processing method utilized. For example, it is significantly more expensive to process a hand-keyed transaction than a card-swiped transaction.|
|What is an e-check payment?||An e-check payment is made using funds in a checking or savings account. The payment can be made from a web application where the customer enters in his/her bank’s routing number and checking or savings account number.|