Credit Card Procedures and Policies

Credit Card Procedures and Policies

This page offers additional explanation and detail to SAP 21.01.02.M0.03 Credit Card Collections.

Account Setup

Before submitting forms, contact Financial Management Operations (FMO) to determine the best solution to your credit card transaction needs. FMO will establish a new merchant account through the credit card processor on your behalf. New merchant account activation typically takes 3 weeks from the time the form is received by FMO.

If you plan on accepting cards in person, you must complete all pages of the New Credit Card Merchant Application, including sections on software and hardware needs. In certain circumstances, it may be necessary to purchase or lease equipment from the credit card processor. Depending on the equipment's placement, you may require work orders for telecommunications or AC power accommodations.

If you plan on receiving credit card payments in instances in which the card is not present (such as over the phone, by fax, or online), you need only complete the first section of the New Credit Card Merchant Application. However, for e-commerce be sure to discuss your needs with FMO prior to requesting a merchant account. You may be able to be accommodated in an existing merchant account. Contact FMO at (979) 845-8118 or (979) 845-5209.

Card Processing, Daily Close out, and Deposit Procedures

Credit card sales should be recorded like any other sale. Customers should be given receipts verifying payment for purchases unless an exception is granted by the Associate Vice President and Controller.

  • To process sales for walk-in customers presenting an acceptable credit card, the card should be run through the credit card machine at the time of the sale to validate the account number. The credit card must be kept within the customer's sight and the CVV code must never be copied or stored. Any exceptions must be approved by the Associate Vice President and Controller.
  • Deposits should be made on a daily basis by someone other than the individual who accepted the transaction payments.
  • For credit card sales, the credit card detail report or bill slips should be sent to FMO, MS 6000, on a daily basis. This report should break down the Visa/MasterCard, Discover, and American Express totals. If the merchant has a VeriFone printer, attach the tape to the iPayment credit card detail report.
  • Merchants are responsible for reconciling credit card deposits to their FAMIS statements.

Equipment Replacement/Disposal

When you no longer need a particular device to swipe or read credit cards, that device must be returned to FMO for disposal. Notify FMO at 845-5209 or 845-8118 if you have a device needing to go to Surplus. This allows FMO to insure that all sensitive information is removed from the device prior to disposal.

Credit Card Equipment Loans

If you have a one-time event in which you need the use of credit card equipment, FMO requires a minimum of 3 day’s written notice. It is in your best interest to contact us as early as possible to reserve the equipment and confirm that it is not already scheduled for a different department. For full information about short-term use of credit card equipment, read Credit Card Equipment Loans.

Credit Card Security Compliance

Texas A&M takes credit card security very seriously. All departments who accept credit cards as a form of payment must comply with security rules established by the Payment Card Industry Security Standards Council and our card processor Global Payments, as well as university SAP 21.01.02.M0.03.

Merchants are required to complete and submit an annual security Self Assessment Questionnaire (SAQ) each May. Financial Management Operations provides detailed instructions for SAQs.

Consequences of Non-Compliance

Merchants found to be out of compliance with security standards will be given a reasonable amount of time to correct the problem and be re-audited. If PCI-DSS non-compliance is due to documentation, procedure, or training, the merchant will be given 30 days from notification to reach compliance. If the non-compliance is related to IT security, a compliance date will be established by mutual agreement between the merchant and NCIS. Failure to reach compliance by deadline may result in the suspension of the merchant's account by Texas A&M's card processor. Requests for deadline extensions must be approved by the V.P. Finance.

Individuals who fail to complete the mandatory, annual PCI training by deadline are automatically suspended from accessing cardholder data or systems that support the processing of such data. Merchants with < 20% overall training compliance will be given 5 business days to complete online training. Failure to reach minimum compliance will result in the suspension of the merchant's account by Texas A&M's card processor.