Handling Credit Cards

Credit Card Merchant Services

UCSF departments or units that accept credit or debit cards for payment become credit card merchants. As a credit card merchant, the department assumes the requirements and risks associated with accepting credit card payments. Concerns about credit card fraud, for both consumers and the credit card industry, have resulted in a set of requirements that all credit card merchants must follow.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure ALL merchants that process, store, or transmit credit card information maintain a secure environment. The University is obligated to comply with laws, regulations, guidelines, and policies such as BFB BUS-49 and BFB IS-3, to safeguard sensitive financial information, including credit and debit card data of its customers.

UCSF merchants must ensure third-party service providers and their payment software, gateways, equipment, and outsourced payment services are PCI DSS compliant and the appropriate data security language must be included in all contracts with third-party service providers involving payment card acceptance. Third-party payment solutions must be approved by UCSF Merchant Services.

In accordance with UCOP and the UCSF Controllers Office policy, all Credit Card Handlers must complete online UCSF PCI Security Awareness Training. Department supervisors or managers are required to educate employees upon hire and hold refresher course annually. Backgrounds check and fingerprinting are mandatory.

Credit Card Fees

The cost of accepting credit cards varies with every card. As a rule of thumb and as an average,

Bank of America Merchant Services (BAM) charges $.035 per item.
Visa, MasterCard, and Discover charge approximately 1.55% of the amount of the charge and $0.10 per item as a fee.
American Express charges 2.20% unless it the charge is for tuition or another expense that American Express deems “mandatory/necessary.” The rate for these changes is 2.05%.

Fees:

Convenience Fees: A fee the merchant assesses for providing an alternate payment channel.
Discount Fees (Interchange Rates): Fees charged to the merchant by the credit/debit card companies for processing credit/debit card transactions. This fee is normally based on a percentage of the purchase.
Processing Fees: Fees charged to the merchant by the credit/debit card processor for processing credit/debit card transactions.
Transaction Fees: A fee charged to the merchant by the credit/debit card processor for each credit/debit card transactions.

Card brands charge discount fees approximately 2.5% to 2.75% of the transaction volume. The discount fees are applied to the designated ledger account monthly via a journal generated by Controller Office Cash and Controls Team. Journals are completed by card type (Visa/Mastercard, Discover, American Express).

Merchant Equipment

Bank of America Merchant Services offers swipe card terminals FD130 and FD130DUO that are both PCI compliant and EMV capable. Both FD130 (Terminal with integrated PIN PAD) and FD130 DUO (Terminal with PIN PAD FD35 attached by cable) are available for rent at $36 plus tax/month or purchase at $600 plus tax.

EMV Point-of-Sale Terminal Support

Terminal	Description	Features
FD130	New fully integrated all-in-one device that supports all major MAG stripe or MSR, PIN Debit, EBT, mobile and contactless transactions, EMV Contact and Contactless EMV	Integrated Wi-Fi Memory – 128 MB Flash, 64MB RAM Full color screen
FD130DUO	New tethered solution that accepts all major MAG stripe or MSR, PIN Debit, EBT, mobile and contactless transactions, EMV Contact and Contactless EMV	Integrated Wi-Fi Memory – 128 MB Flash, 64MB RAM Full color screen
FD100Ti FD100TiWiFi	Effective April 1, 2014, support teams are no longer manufacturing this device but technical support will continue.

Terminal

Description

Features

FD130

New fully integrated all-in-one device that supports all major MAG stripe or MSR, PIN Debit, EBT, mobile and contactless transactions, EMV Contact and Contactless EMV

Integrated Wi-Fi
Memory – 128 MB Flash, 64MB RAM
Full color screen

FD130DUO

New tethered solution that accepts all major MAG stripe or MSR, PIN Debit, EBT, mobile and contactless transactions, EMV Contact and Contactless EMV

Integrated Wi-Fi
Memory – 128 MB Flash, 64MB RAM
Full color screen

FD100Ti

FD100TiWiFi

Effective April 1, 2014, support teams are no longer manufacturing this device but technical support will continue.

Another option for departments who want to accept EMV transactions but do not want to replace their existing FD100ti is to purchase or rent the FD35 Pin Pad. This pin pad can be attached to the FD100ti to accept EMV transactions. The cost to rent is $12.50 plus tax/month and to purchase is $127.27 plus tax.

For departments who require the use of wireless swipe terminal, the FD410 is available to use in conjunction with a cellular network. The cost to rent is $92 plus tax/month and $799 plus tax to purchase outright. The FD410 however is not currently EMV ready.

EMV stands for Europay, MasterCard, Visa. It is the global standard for chip-based Debit and Credit Card transactions. It is a joint effort between Europay, MasterCard and Visa to ensure security and global acceptance so that MasterCard and Visa Cards can continue to be used everywhere. EMV technology is a global initiative designed to reduce fraud and help secure cardholder information.

Replacement Equipment

To request replacement equipment, please email [email protected] including the merchant name, merchant ID number, terminal ID number and complete address for shipping replacement equipment. The merchant ID number and terminal ID number can be found on the sticker on the terminal. If a replacement pin pad is needed, please include the associated terminal id number with the request as well as the pin pad serial number.

Onboarding for UCSF Credit Card Merchants

All departments who want to accept credit card payments are required to conduct a cost-benefit analysis. The analysis will ascertain if the volume of credit cards payments accepted will justify the cost of processing the credit cards and what type of credit card environment is best suited for the department. Before either accepting payment via credit card or signing any agreements involving credit card services/equipment, the department must receive approval from UCSF Merchant Services. To initiate an approval request, email UCSF Merchant Services at [email protected].

After approval by UCSF Merchant Services, the department completes the Credit Card Merchant ID Request Form. Once the form is received, the Controller's Office Cash and Controls Team will establish a merchant account. The overall process takes approximately 7 to 10 business days.

There are two types of credit card processing methods:

Card Swipe Terminal: The card swipe terminal is a stand-alone device used to process credit/debit card transactions. As the credit/debit is swiped, the terminal reads the magnetic strip on the back of the card as evidence of a card present transaction.

Web-based Gateway (Third-Party - Authorize.net): The University requires merchants to utilize secure servers when providing for the purchase of services via the web. Merchants are prohibited from storing credit card information on their servers and the merchant’s website must link to the campus hosted gateway to process payments. This gateway securely links to a single third party processor (currently Authorize.Net also known as Cybersource) for authorizations/approvals.

Credit Card Processing Method	Environment	Equipment Required	Cost
Card Swipe Terminal	Face-to-face Customer Interaction	Purchase or rent stand-alone credit card processing terminals from Bank of American Merchant Services	Pass-through bank charges and interchange fees Terminal rental
Web-based Gateway	Customers enter card information online through Authorize.Net via customer-owned device.	Must be preapproved by the campus credit card coordinator. URL is required	Varies

Establishing New Credit Card Handlers

The employee must have a background check on file. Proof of background check completion must be maintained on file within the department as well as the appropriate HR Service Center.
- Employees hired on or after March 13, 2017 complete a background check as part of the pre-employment process.
- Employees hired prior to March 13, 2017 who do not already have a background check completed by LiveScan will need to complete a new background check.
New credit card handlers must complete the required online course “PCI Security Awareness Training” in the UC Learning Center. This training is required before the employee can handle credit cards and annually thereafter as long as they continue to handle credit cards.
- If you, the employee's supervisor/manager, cannot assign this course to the employee in the UC Learning Center, send an email request to [email protected]. Include:
  - Employee's full name
  - Employee's email address
  - Employee's UCSF employee ID
  - Request the new credit card handler be assigned to the PCI Security Awareness Training.
Departments need to email the following information for new credit card handlers or depositors to with Cash & Controls Team:
- Name
- Phone Number
- Email Address
- Department Name
- Department Box Number
- Department Physical Address
- Name of supervisor/manager

Online Reporting Tools

Business Track

Business Track (formerly ClientLine) is a free web tool for tracking, analyzing, and monitoring payment processing information provided by our merchant processor.

Features:

Standardized reports
13 months of electronic transaction detail
Bank statement reconciliation
Summaries of credit, debit and gift card activity for selected time periods
Schedule reports for email delivery
Detailed chargeback and retrieval expenses

Due to the sensitivity and the amount of confidential data, access to Business Track should be limited to employees who are familiar with the University of California Policy BUS-49. Send email to the Controller’s Office Cash and Controls Team to request access and enrollment in Business Track.

Authorize.Net

The Controller’s Office Cash and Controls Team will set up user roles (except “Account Owner”) in Authorize.net for department users using the web-based gateway processing method for its payment gateway account. (See User Role Definitions). Send email to the Controller’s Office Cash and Controls Team to request access and enrollment in Authorize.net.

Recording Credit Card Transactions in the General Ledger

Journal Entries

Departments are required to settle the transactions via the processor on a daily basis. Financial journals must be prepared and approved by the department following the Credit Card Journals job aid.

Refunds

Credit Card Operating Regulations require that all refunds MUST be issued to the same credit/debit card as the original sale. The process for issuing refunds varies depending on the type of payment system used. Refunds CANNOT be issued before the end of day settlement has been processed.

Due to the potential for fraud, departments must carefully review operational procedures and determine staff members authorized to issue refunds. It is recommended that a department manager or supervisor with no cashiering functions be designated.

Under exceptional circumstances, such as when the credit/debit card account is closed, the refund can be processed via a Check Request (Form 5) with supporting documentation and settlement receipt attached.

Chargebacks

A chargeback reverses a credit/debit card transaction by debiting the campus bank account. Transactions may need to be reversed due for reasons such as authorization errors, processing errors, or disputes.

The most efficient way to receive chargeback information is through the Business Track Disputes Dashboard except for American Express. Business Track offers chargeback information dating back 6 months, and provides merchants with the description, amount, issuer, and other transaction-related information. Through Business Track, merchants can immediately dispute chargebacks.

You can also receive chargeback details through mail or email but this method is not recommended as letters are easily lost in the mail or delayed, and email can be overlooked or deleted. You also run the risk of not having enough time to dispute the chargeback due to the restricted time frame for disputing charges.

For American Express, chargeback notification is sent to the Controller’s Office Cash and Controls Team via email. Upon receiving the notification, Cash and Controls Team will forward the notification to the department for further research and response.

Closing a Merchant Account

To close a merchant account, please email [email protected] to request a call tag to return equipment. Include the merchant name, merchant ID number, equipment ID number and/or serial number as well as a statement requesting closure of the merchant account.

Returning Credit Card Equipment

To return credit card equipment (defective or no longer needed, etc), please email [email protected] to request a call tag. Include the merchant name, merchant ID number, equipment ID number or serial number and the reason for the return.

Call Tag

The Cash and Controls Team will request the Call Tag (Shipping Label) from the merchant processor - Bank of America Merchant Services.
Bank of America Merchant Services will email the Call Tag and shipping instructions to the merchant’s contact person.

STEP 1 – Pack the equipment individually and accessories in a box and prepare it properly for shipping. Get copy of the Call Tag.

STEP 2 – Affix the Call Tag to the box, making sure that no other labels show.

STEP 3 – Follow the shipping instructions included in the email from Bank of America Merchant Services.

If the equipment is not received back, the merchant account may be billed for the cost of the equipment (approximately $550.00) plus applicable tax.