Credit Card Merchant Services

UCSF Merchant Services is tasked with the oversight, support, and improvement of payment card and electronic payment acceptance across UCSF.

As credit cards, eChecks, and Automated Clearing House (ACH) payments are accepted across numerous services and programs, UCSF Merchant Services works to enable and ensure continued compliance with relevant financial policies and procedures, especially as related to PCI Data Security Standards. These objectives are accomplished through collaboration between the Controller’s Office, Information Technology Information Security, and UCSF's banking partners.

Operationally, UCSF Merchant Services endeavors to be a resource to schools, departments, and clinics through the following services.

Functional Process Articles

Becoming a UCSF Credit Card Merchant

Departments that wish to establish a new method of accepting credit cards or make changes to existing payment methods must contact UCSF Merchant Services to obtain authorization and support prior to change or implementation. All departments who accept electronic payments in any form are required to adhere to PCI DSS standards, including initial training of staff, periodic updates to policies and procedures, and periodic testing of knowledge, policies, and procedures, as required by the PCI Council, in order to retain merchant status.

Onboarding New Merchant Staff

Department managers must maintain a ledger of all staff currently eligible for handling electronic payments at any stage within the department and are required to report new credit card handlers to Merchant Services to ensure PCI Security Training is assigned and completed prior to payment acceptance. Proof of background check completion for new or established employees must be maintained on file within the department as well as the appropriate HR Service Center.

Reconciling and Recording Credit Card Transactions in the General Ledger

Review the procedures to record credit card journals in UCSF's PeopleSoft financial system following UCSF's credit card journal entry process.

Closing a Merchant Account

Email [email protected] to request decommissioning of Merchant IDs and return of terminal equipment in order to protect from fraudulent use and ensure that continued merchant expenses are not incurred.

Working with Payment Processing Equipment

Merchants who wish to obtain user guides for terminals at their location can find them in this section or contact [email protected] when troubleshooting issues with an existing terminal.

Understanding Payment Card Industry Data Security Standard (PCI DSS)

All merchants who accept electronic payments are required to understand, adhere to, and provide evidence of compliance to international payment security standards. UCSF is committed to ensuring the utmost protection of payment and personal information for our customers and patients.

How are PCI DSS Requirements Tested? UCSF and Total Compliance Tracking (TCT)

UCSF implemented Total Compliance Tracking (TCT) to efficiently manage PCI DSS testing and compliance tracking across the University. This online web-based tool assists in documenting our efforts to maintain data security standards across all merchants.

Credit Card Merchant Services

Service Contacts

Service Level Expectation

New merchant account (terminal or internet): set up within 30 business days of receiving required information

Active terminal out of service: same business day for initial response; two business days from time of receiving required information to resolution