Merchant Services

E-Commerce Group

Share |

The E-Commerce Group was reconvened in 2007 to address new Payment Card Industry Data Security Standards, PCI DSS, and to ensure that University of Massachusetts maintains compliance to these standards.


The E-Commerce Group is made up of individuals from the Treasurer's Office, Auditing, UITS and representatives from each campus.


The Initial Goals of the Group:

  • Compile a complete inventory of all card processing merchants
  • Identify their method of processing credit cards (i.e. online, POS, third party)
  • Identify any storage of prohibited data
  • Identify any storage of Primary Account Numbers, PAN
  • Identify storage security of any paper storage of PAN
  • Complete a Self Assessment Questionnaire for each merchant
  • Identify and complete security scans where required by PCI
  • Confirming there is no storage of prohibited credit card data by signing a Prohibited Data Retention Attestation Form
  • Confirm that all third party and outside vendors processing credit cards are PCI Compliant
  • Develop a Principles document outlining Best Practices for processing credit cards at the University of Massachusetts

Ongoing Tasks of the Group:

  • Ensure quarterly security scans are performed and submitted to our acquiring bank
  • Coordinate Self Assessment Questionnaires
  • Develop requirements and procedures for new merchant set up at the University
  • Develop standards for ensuring our merchants are processing credit cards in a secure and compliant manner
  • Approve all new credit card processing and payment applications
  • Develop and maintain a website with Credit Card procedures, guidelines and requirements
  • Remain current with any changes to PCI DSS, PA-DSS, VISA CISP or MasterCard SDP Programs. 
  • Review and provide updates to the University of Massachusetts Standards for Acceptance of Debit and Credit Cards

Any questions concerning credit card processing should be directed to the appropriate campus E-Commerce Representative.

Fiscal Procedure No. 08-01 "E-Commerce Principles" (PDF)

Payment Card Industry Data Security Training Program (PowerPoint)

Data Computing Policies

New Merchant Requests

CyberSource

Commerce Manager

 

 

The PDF files on this page require the free Adobe Acrobat Reader.

The PowerPoint files on this page require the free PowerPoint viewer.