Becoming a UCSF Credit Card Merchant
Departments that wish to establish a new method of accepting credit cards or make changes to existing payment methods must contact UCSF Merchant Services to obtain authorization and support prior to change or implementation. This page describes the merchant onboarding process.
Key Concepts
UCSF departments or units that wish to accept credit or debit cards for payment must apply to become credit card merchants. As a credit card merchant, the department assumes the requirements, risks, and responsibilities associated with accepting credit card payments. Concerns about credit card fraud, for both consumers and the credit card industry, have resulted in a set of requirements that all credit card merchants must follow.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure ALL merchants that process, store, or transmit credit card information maintain a secure environment. The University is obligated to comply with laws, regulations, guidelines, and policies such as BFB BUS-49 (opens in new window) and BFB IS-3 (opens in new window), to safeguard sensitive financial information, including credit and debit card data of its customers. UCSF merchants are required to participate fully in all necessary processes for training, monitoring, and reporting to the PCI Security Council in order to maintain merchant status.
UCSF merchants must not engage a third-party payment service provider, payment software, gateway, equipment, or outsourced payment service without prior completion of a UCSF Risk Assessment and approval by UCSF Data Security and Merchant Services.
In accordance with UCOP and the UCSF Controllers Office policy, all Credit Card Handlers must complete online UCSF PCI Security Awareness Training. Department supervisors or managers are required to educate employees upon hire and hold refresher course annually. Backgrounds checks and fingerprinting are mandatory. Merchant managers are required to keep a staff log of authorized credit card and payment processing staff, both as they are hired and terminated, and submit this log to Merchant Services as requested for system updates and/or audit requirements.
Credit Card Processing Methods
There are two types of credit card processing methods:
- Card Swipe Terminal: The card swipe terminal is a stand-alone device used to process credit/debit card transactions. As the credit/debit card is swiped, the terminal reads the magnetic strip on the back of the card as evidence of a card-present transaction.
- Web-based Gateway (Third-Party, Touchnet): The University requires merchants to utilize secure servers when providing options for the purchase of goods or services via the web.
Merchants are prohibited from contracting independently with third party web services for payment processing and storing credit card information on their servers. A merchant’s website must link to the campus hosted gateway to process payments.
For support in facilitating a web-based payment option for your department please email [email protected] to schedule a scoping discussion in partnership with the e-commerce group.
Credit Card Fees
The cost of accepting credit cards varies with every card. As a rule of thumb and as an average:
- Bank of America Merchant Services (BAM) charges $0.035 per item.
- Visa, MasterCard, and Discover charge approximately 1.55% of the amount of the charge and $0.10 per item as a fee.
- American Express charges 2.20% unless the charge is for tuition or another expense that American Express deems “mandatory/necessary.” The rate for these changes is 2.05%.
Costs include the following fee types:
- Convenience Fees: A fee the merchant assesses for providing an alternate payment channel.
- Discount Fees (Interchange Rates): Fees charged to the merchant by the credit/debit card companies for processing credit/debit card transactions. This fee is normally based on a percentage of the purchase.
- Processing Fees: Fees charged to the merchant by the credit/debit card processor for processing credit/debit card transactions.
- Transaction Fees: A fee charged to the merchant by the credit/debit card processor for each credit/debit card transaction.
Card brands charge discount fees approximately 2.5% to 2.75% of the transaction volume. The discount fees are applied to the designated ledger account monthly via a journal generated by Controller Office Cash and Controls Team. Journals are completed by card type (Visa/Mastercard, Discover, American Express).
Merchant Responsibilities
Credit Card Merchants, both in person and through e-commerce, have a significant responsibility when it comes to handling credit card payments safely. Ensuring the security of customer credit card information is not only essential for protecting the customers but also for maintaining the trust and reputation of the University. Review key merchant responsibilities in the safe handling of credit card payments.
Onboarding for UCSF Credit Card Merchants
All departments that want to accept credit card payments are required to conduct a cost-benefit analysis. The analysis will ascertain if the volume of credit card payments accepted will justify the cost of processing the credit cards and what type of credit card environment is best suited for the department. Before either accepting payment via credit card or signing any agreements involving credit card services/equipment, the department must receive approval from UCSF Merchant Services. To initiate an approval request, email UCSF Merchant Services at [email protected].
After approval by UCSF Merchant Services, the department completes the Credit Card Merchant ID Request Form. Once the form is received, Merchant Services will establish a merchant account, work with you to determine the appropriate payment terminal option, place equipment orders, and facilitate setup. The overall process takes approximately 30 business days from the time the Merchant ID Request Form is received from the department.