Sales, Accepting Payment Cards

Effective: Policy moved to Policy Library from UPM 11.1(5)
Contact: Treasurer's Office


This policy provides for proper financial control and information security for university departments and affiliates. The purpose is to protect cardholder information from being exposed to unauthorized entities.

Policy Statement

These criteria must be followed by any University department or affiliate merchant wishing to engage in commerce using payment cards.

To establish a merchant site, each merchant must:

  • Set up a merchant agreement through the Treasurer's Office.
  • Create and maintain a sales website. Resources are available at Web Development Services.
  • Pay all web development costs, all fees from the bank, the 3rd party transaction processing fees, and internal costs.
  • Submit application to the Treasurer for review and approval.
  • Comply with the Payment Card Industry (PCI) Data Security Standards.
  • Each year, send a copy of the annual Self Assessment to the Treasurer and IT Security and Policies.
  • Annually send copy of successful server scans to IT Security and Policies.
  • Assume responsibility and liability for the security of all transactions and data, including any monetary loss suffered by the university due to theft or improper use of payment card numbers and associated information
  • Comply with university and Board of Regents policies on Competition with the Private Sector
  • Use the ISU third party transaction processing vendor. If special circumstances require a different third party transaction processing vendor, prior approval by the Treasurer is required.