FAQs

We would like to start accepting credit cards in our department. What do we need to do to get set up?

Contact UM Treasury PCI Compliance Office at (305) 284-1667 or via our email, pciteam@miami.edu
Merchant Onboarding Checklist

What is the Payment Card Industry Data Security Standard (PCI DSS) and to whom does it apply?

PCI DSS is the result of a collaboration of the major credit card associations to establish a
single data security standard designed to protect sensitive cardholder information. Any entity that
stores, processes or transmits cardholder data (including credit and debit cards) must comply
with PCI DSS requirements.

Do departments or units using third-party processors have to be PCI compliant?

Yes. Merely using a third-party company does not exclude a company from PCI compliance. It
may cut down on risk exposure and consequently reduce the effort to validate compliance.
However, it does not mean the company can ignore PCI.

What should I do if I am compromised or suspect a credit card data breach?

Contact UMIT Security and UM Treasury Department

Is it OK to process credit card payments on behalf of a customer on my work computer?

University employees are not allowed to process credit card transactions on University-owned
devices on behalf of customers. The customer must make the online payment using his or her
own device.

Who is required to complete annual credit card security training?

Annual training is required for personnel who have logical or physical access to credit cards
such as UMIT or are currently processing/transmitting/storing/reconciling credit cards.

Whom can I contact if I have a technical issue with our credit card machine?

For technical, hardware and troubleshooting support concerning credit card terminals
purchased from Elavon Technical Support: 1(800)-490-7332 option #3.

For terminals purchased from Bluefin, please contact: premiersupport@bluefin.com (312) 477-0179

If your unit needs to be replaced, please obtain approval from UM Treasury prior to making the
purchase.

What are the penalties for noncompliance?

The payment brands may fine an acquiring bank $5,000 to $100,000 per month for PCI
compliance violations. The banks will most likely pass this fine on downstream until it
eventually hits the merchant. Furthermore,

Non-compliance can result in fines and remedial efforts that could easily exceed $1 million. Costs include fines, forensic exams, cardholder notifications, setup of a call center, credit monitoring and more costly compliance requirements. The costs would be the responsibility of the merchant.
Fraud and identity theft are a risk to customers (students, faculty/staff and the general public) if a department is non-compliant.
Breach of cardholder information can result in negative publicity and damage to UM’s reputation.
The bank will also most likely either terminate your relationship or increase transaction fees.

Accordion Group

PCI Compliance

Resources

UM Network

Visit

Connect