Accepting Credit Card Payments via Swiping Machines
For UF departments or units who intend to process credit card transactions face-to-face or in a mail/telephone order (MO/TO) environment, an application and implementation process managed by Payment Card Operations applies. Any activity involving the acceptance of payments for products or services by means of credit and/or debit cards requires the initial approval of the University Controller’s Office.
Reason for Directive
Credit card merchants at the University of Florida are required to follow strict procedures to protect customers’ payment card data and attest compliance with the Payment Card Industry Data Security Standard (PCI DSS). Also, an appropriate integration with the University’s financial and other systems needs to be ensured.
Who Must Comply?
All University departments whose personnel store, process or transmit cardholder information. This also applies to units that outsource the processing of payment card information to third party vendors.
Please note, the process to establish a new merchant location takes approximately 2-3 weeks.
For UF departments or units who intend to process credit card transactions face-to-face or in a mail order/telephone order (MO/TO) environment the following prerequisites apply:
- An activated network port must be used to connect a credit card swiping terminal with Point-to-Point Encryption technology (P2PE) to the network. An alternative may be a computer connected SREDKey (Secure Reading and Exchange of Data).
- The merchant’s administrative staff must complete the following training classes:
- PST021 – Making Deposits in myUFL
- PST956 – Online Journal Entry 9.1
- TRM200 – Explaining UF Cash/Check Controls
- TRM125 – Payment Card Security Awareness Training
Setting up Credit Card Terminal Account
After all prerequisites have been completed:
- Complete and submit the following documentation to Treasury Management, Payment Card Operations, S-113 Criser Hall PO Box 112008, or by email to Treasuryemail@example.com:
- Request for Merchant ID
- Completion of training course TRM125
- Payment Card Operations (PCO) will review the request, seek pre-approval from the Auxiliary Accounting and Educational Business Activities dept., and forward it to the University Controller’s Office for final approval. Payment Card Operations (PCO) will forward pertinent information to American Express as well as the University’s credit card processor (Elavon, Inc.) in order to establish a Merchant ID
- Elavon will set up the merchant
- PCO will order the credit card terminal with the University P2PE provider (Bluefin, Inc.) and have it shipped to Treasury Management
- PCO will log the device and prepare it for pickup by the merchant department
Purchasing a Terminal
The University of Florida is seeking to implement exclusively EMV enabled terminals that accommodate the usage of chip-enabled payment cards (EMV) and that are enabled with Point-to-Point Encryption technology (P2PE)
- Contact Payment Card Operations (PCO) for a list of available credit card terminal models and current pricing
- Departments are responsible for any repair cost after the manufacturer’s warranty period
Please note, the merchant department will be billed directly for the equipment cost.
Merchant Fees for Credit Card Terminals
The fees charged by credit card companies and issuers are based on a variety of factors, including the type of card the customer uses and whether the transaction is swiped/inserted or keyed into the terminal. Credit card fees include, but may not be limited to:
- An interchange fee charged by the issuing bank
- An assessment fee charged by VISA, MasterCard, and Discover (American Express transaction fees are contractually fixed – please contact PCO for the current fee)
- A transaction fee charged by the credit card processor to process the transactions, funding of the UF bank account, and provide statements
- A transaction fee as well as a monthly gateway fee raised by the P2PE provider
Current charges are subject to change when new Interchange Rates are published in April and October of each year.
To obtain the lowest rate the merchant should do the following:
- Settle the terminal transaction daily (called “batching out”)
- Swipe or insert credit cards versus keying in credit card information
Treasury Management will charge the merchant department for monthly fees based on the statements received from American Express and the credit card processor. The ChartField string provided on the department’s merchant request applies.
In addition, departments are responsible for Florida Sales and Use Tax, if applicable. Questions on Sales and Use Tax, and the related reporting requirements, should be addressed to Educational Business Activity/Auxiliary Accounting (392-1231 or firstname.lastname@example.org).
Interchange fees are transaction fees that the merchant’s bank account must pay whenever a customer uses a credit/debit card to make a purchase from their store. The fees are paid to the card-issuing bank to cover handling costs, fraud and bad debt costs and the risk involved in approving the payment. [Back to Top]
Payment Card Industry Data Security Standards (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data. [Back to Top]
01/31/2021: reviewed content
TRM125 – Payment Card Security Awareness Training
Treasury Management/Payment Card Operations: (352) 392-9057