What You Should Know
A merchant account enables a department to process credit card transactions. The University has an established merchant relationship with PNC Bank, and uses First Data Global to process credit card receipts. New merchant accounts with PNC Merchant Services can be setup through cash operations.
Setting up a Merchant Account
If you would like to accept payment by credit card for sale of merchandise or services by your department, Cash Operations can help you to determine what form of credit card processing best suits your needs, and will provide the forms required to establish a new merchant account for your department. All requests for new merchant accounts need to be reviewed by Cash Management and authorized by the Associate Treasurer.
Upon approval, Cash Management will provide you with your merchant ID and a representative from PNC Bank and will help to setup of your new merchant account and configure any new terminals or software. Please keep in mind that it typically takes one or two weeks to establish a new merchant account.
Please remember to inform Cash Operations of the chartstring that all income and fees should be credited or debited against. Failure to do this will delay the processing of your department’s transactions.
Approved Methods for Processing of Credit Card Transactions
The Office of Information Technology has approved several terminals for the processing of credit card transactions. All new terminals approved for processing of credit card receipts are able to process EMV as well as contactless (NFC) payments such as Apple Pay.
All terminals should be upgraded to accept EMV (Europay, Mastercard, Visa) chip enabled technology by October 2015. EMV chip cards have a magnetic stripe on the back and look like a regular credit card, but have a computer chip embedded on the front of the card. The embedded chip creates a unique code for each transaction. Thieves often steal card data in order to create counterfeit cards, but the unique code makes the stolen data incomplete and virtually useless. If a terminal is unable to read an EMV chip-enabled credit card after October 2015 and is used to process a fraudulent transaction, the department will be required to absorb the fraudulent charge.
Standalone Wi-fi Terminals
Departments may choose from the following stand-alone terminals supplied by PNC Bank to process credit card payments:
Standalone Wi-fi Terminals (click to view list)
Although the above terminals are able to process credit card transactions wirelessly over a wi-fi network, the Princeton University wi-fi network is not configured to comply with PCI standards, and therefore transmission of confidential cardholder data over the University network is not permitted. Please note that the wi-fi must be turned off when using one of the above terminals.
Departments may also choose from the following mobile terminals supplied by PNC Bank for wireless processing of credit card payments over a cellular network:
Wireless Terminals (click to view list)
Existing FD400 wireless terminals are approved for processing of credit card transactions. However, these terminals cannot be upgraded to accept EMV cards, so departments using a FD400 terminal to process transactions after October 2015, will be responsible for absorbing the cost of any fraudulent transactions processed with this terminal.
To order a new terminal, please contact Cash Management. If you are opening a new merchant account, the purchase or lease of the terminal should be done at this time.
The following workstations are approved for processing credit card transactions:
Workstations (click to view list)
Existing Micros and RetailPro workstations are currently approved for processing of credit card transactions, however new workstations are only approved for use in conjunction with the Freedom Pay P2PE solution. Please consult with Cash Management prior to ordering a new workstation.
Card readers (like Square) that process credit card transactions in conjunction with a mobile phone are not authorized for use, except in our pilot program for Student Agencies. Please contact Cash Management if you would like further information on card readers.
Peripheral devices used to read a magnetic stripe or EMV Chip and upload cardholder data to a laptop/desktop computer via a USB connection are currently under review. Existing equipment is approved for processing of credit card transactions until such review is completed and specific equipment/sourcing is designated for new equipment.
Princeton University Websites
Princeton University websites must route customers to a secure third party gateway when credit card information needs to be entered to complete a purchase or donation. First Data Global (FDG) is the University’s third party gateway provider. Please contact Cash Management to if you need to establish an interface with FDG for your Department webpage.
Third Party Software Providers
Any third party software used to process credit card transactions must be reviewed and approved by OIT. Contracts must be reviewed and approved by cash management and a vendor relationship established by Purchasing. Any contract renewal or new contract with a third party software provider that processes credit card information must contain standard University PCI language.
Departments using third party software applications to process credit card transactions must annually obtain a Certificate of PCI Compliance from the vendor, and submit this Certificate to Cash Management. Third party applications must be configured to meet all PCI requirements for user IDs and passwords which are not satisfied by the University’s general network.
Note: In the event that none of the above PCI compliant methods of processing credit card transactions meet the business needs of your department, please contact Cash Management.
Compliance with Payment Card Industry Data Security Standards (PCI-DSS)
The payment card industry has established standards for the secure handling and transmission of cardholder data, commonly referred to as PCI-DSS. Princeton University is committed to handling confidential cardholder information in accordance with PCI-DSS, and therefore requires any department that accepts credit cards as a form of payment to complete and submit to Cash Management an annual Departmental Attestation of PCI Compliance.
Anyone in a department that handles credit cards must be authorized by the academic or administrative manager and must annually complete the University’s PCI Compliance Training Program. Authorized individuals should review University procedure and the Credit Card Processing Policy For Merchant Locations to understand how to securely accept, process, handle and store confidential cardholder data in accordance with PCI-DSS requirements.
If a breach of credit or debit card information is suspected or has occurred, the department manager should immediately report the breach to the OIT Help Desk at 258-HELP.
Monitoring Your Credit Card Receipts
My ClientLine is an online reporting tool provided by our Merchant Service Provider to assist Departments in tracking and reconciling credit card receipts. Department financial managers should reconcile credit card receipts against their statement on MyClientLine daily. Please contact Cash Management to establish a User ID for your Merchant Location.
Users can access My ClientLine at https://www.myclientline.net/. A training tutorial providing help on how to use MyClientLine is available at https://www.myclientline.net/publicS/clrp/training/demo.asp. For additional training or help setting up scheduled reporting, please contact Cash Management.
Cash Receipt and Account Reconciliation
When someone purchases an item or service from your department using a credit card, your merchant ID and the cardholder’s information is transmitted to our payment processor, First Data Global, via analog telephone line or via a third party provider’s secure network. It typically takes one day to process and receive funds from Visa, and three days to receive funds from American Express.
When cash is received by the University, funds are automatically applied to your department, based on your merchant ID and the chartstring you specified. Credit card transaction fees are charged to the department in the same manner.
Department financial managers should reconcile their account at least monthly to ensure that all credit card receipts have been properly credited to the appropriate chartstring. If necessary, department financial managers may redistribute credit card receipts to different chartstrings via Prime Journal.