University groups and organizations who wish to accept credit card payments need to contact the Credit Card Acceptance Team (ccat@uwm.edu) for review, approval, and to start the relevant processes. All credit card merchants with UWM also participate in annual Payment Card Industry Compliance activities to ensure that all university merchants understand current PCI DSS compliance recommendations for credit card activity.

To start the process, email the Credit Card Acceptance Team at ccat@uwm.edu.

All merchants must determine the method they wish to accept credit card payments:

1. Point of Sale (POS) Devices – There are 2 main POS devices which we can deploy for our merchants: a direct dial POS (which would need to connect directly to a phone line) or a cellular based model. The direct dial POS meets the needs for almost all of our merchants.
2. ePayment – ePayment is the current ecommerce solution the university deploys for merchants who need an online presence.
3. Third Party Solutions – Third party solutions also may be implemented depending on your individual and specific business needs. If you determine that you need to evaluate Third Party Solutions, you must inform the Credit Card Acceptance Team and the PCI Program Manager IMMEDIATELY to ensure that all applications adhere to the compliance recommendations for the university.

Costs associated with accepting credit cards are listed below. There are associated one time and recurring fees for setup, maintenance, and support of the associated product. Additional administrative fees are variable and depend on the types of credit cards you accept, as well as the volume of transactions you submit. The technology and fees associated will be discussed in a preliminary meeting once you contact the Credit Card Acceptance Team.

Merchant Fees Merchant Number Fee – $5 per month

Administrative Fees Card Issuer Processing Charges PIN Debit Charges Card Association Fees Authorization Fees

ePayment – Standard Deployment Start-up Fee – $125 Monthly Maintenance Fee – $20 per month Transaction Fee – $0.21 per transaction

ePayment – Custom Deployment Start-up Fee – $950 Monthly Maintenance Fee – $20 per month Transaction Fee – $0.21 per transaction

POS Device – Direct Dial (Standard) Ingenico ICT220 – $400

POS Device – Cellular Ingenico ICT220i – $800

**Please reach out to the Credit Card Acceptance Team to verify current costs as they are subject to change**

Credit Card Acceptance Procedure:

1. Contact the Credit Card Acceptance team with a statement of interest to accept credit card transactions. All merchants must be approved by the Controller’s Office. Email: ccat@uwm.edu
2. Complete and return the Merchant Card Application
3. Complete the Service Level Agreement
4. Identify and coordinate with a project manager with your university group to manage the implementation
5. Determine the technology you will require
6. Review the current Policy and Procedures for University Information Security and the Credit Card Operating Regulations

UWM has spent considerable time and effort in ensuring that our existing credit card processes, environments, and systems adhere to the recommendations set forth by the Payment Card Industry Security Standards Council (PCI SSC; PCI Compliance; https://www.pcisecuritystandards.org/)

As a merchant accepting credit card payments, you are directly responsible for:

1. Attending an annual internal PCI discussion updating you on the current status of our compliance activities, changes to the PCI compliance standard, and any issues affecting our cardholder environment
2. Review annually the University Policies and Procedures related to the PCI compliance environment
3. Maintain accurate lists of individuals within your organization directly involved in the credit card processing environment
4. Submit current staff and changes to staff immediately to the PCI Program Manager for the distribution of PCI training materials
5. Review and submit an annual Self-Assessment Questionnaire (SAQ) relevant to your credit card environment
6. Review and submit annual Service Level Agreement to the controller’s office

If you have questions about any of these items, feel free to reach out to either the Credit Card Acceptance Team or Bob Wagner, PCI Program Manager

• Access Control Policy
• Application Development Policy
• Asset Classification Procedure
• Audit Log & Monitoring Policy
• Cardholder Data Information Security Policy
• Data Retention, Retrieval and Secure Disposal Policy
• Incident Management Policy
• Information Incident Response Procedure
• Key Management and Encryption Policy
• Log Review Procedure
• Media Policy & Procedure
• Network Device Configuration Standards
• Patch Management and Malicious Code Prevention Policy
• Patch Management Procedure
• Segregation of Duties
• System Configuration Standards
• Technology Usage Policy
• Vulnerability Management Policy

New Merchants

Merchant Application (MID) – US Bank merchant application

Service Level Agreement – Service Level Agreement between the department/unit and Controller’s Office

Merchant Card Administration Procedure (ASM) – internal UWM Operating Principles and Responsibilities for accepting credit card activity

Existing Merchants

Service Level Agreement – Service Level Agreement between the department/unit and Controller’s Office

PCI Policies and Procedures – Contact Bob Wagner

e-Payment

e-Payment Security Administration Procedures – Procedures to obtain access rights to e-Payment

US Bank e-Payment Service Questionnaire Instructions – Procedures to setup online credit card payments through e-Payment

US Bank e-Payment Service Template – Sample questionnaire for standard e-Payment setup

Reference

UWM Credit Card Acceptance Committee Team Charter – Under Review

Glossary of PCI Terms – Definitions of terms according to the PCI Security Standards Council

Contact Information:
Bob Wagner
PCI Compliance
wagnerrj@uwm.edu
(414) 229-4096