University Policy 3.17, Accepting Credit Cards To Conduct .
CORNELL UNIVERSITYPOLICY LIBRARYAccepting Credit Cards toConduct University BusinessPOLICY 3.17Volume: 3, Financial ManagementChapter: 17, Accepting CreditCards to Conduct UniversityBusinessResponsible Executive: ExecutiveVice President and CFOResponsible Office: Office of theTreasurerOriginally Issued: January 2001Last Full Review: Juy 13, 2018Last Updated: April 22, 2020POLICY STATEMENTFor all units that accept credit cards as a method of payment for goods or services inrelation to university business/operations, Cornell University requires compliancewith Payment Card Industry – Data Security Standards (PCI-DSS) protocols, andwith the procedures outlined in this document. Units wishing to accept credit cardsfor payment must be pre-approved by the Office of Cash Management (Ithacacampus units) or the Finance Office (Weill Cornell Medicine units).REASON FOR POLICYThe university strives to ensure proper stewardship of its assets while supporting itsmission; toward this end, all units must treat the acceptance of credit cards in aconsistent and efficient manner.ENTITIES AFFECTED BY THIS POLICY Ithaca-based campuses and locations Cornell Tech campus Weill Cornell Medicine campusesWHO SHOULD READ THIS POLICY‒ Individuals responsible for accepting credit cards to conduct university business‒ Individuals responsible for developing or maintaining technology to conductcredit card transactions‒ Individuals utilizing third-party solutions to process credit card transactions foruniversity businessWEB ADDRESS FOR THIS POLICY‒ This policy: it-cards-conductuniversity-business‒ University Policy Office: www.policy.cornell.edu1
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessCONTENTSPolicy StatementReason for PolicyEntities Affected by this PolicyWho Should Read this PolicyWeb Address for this PolicyRelated ResourcesContactsContacts, Weill Cornell Campus UnitsDefinitionsResponsibilities, Ithaca Campus UnitsResponsibilities, Weill Cornell Campus UnitsPrinciplesIntroduction 14Prohibited Credit Card Activities 14Credit Card Advisory Group (C-CAG) 14PCI DSS Compliance 14Acceptable Credit Cards 15Security and Technical Standards 15Standards for Business Processes, Paper and Electronic Processing 15Methods of Processing Transactions 15Procedures, Ithaca Campus UnitsRequirements for Individuals Involved with Credit Card Processing 17Posting and Reconciling Transactions 17Accepting University Procurement Cards 17Handling a Customer Disputed Charge 17Processing Refunds 18Outsourcing to Third Parties 18Canceling a Merchant ID 18Decommissioning Computer Systems and Electronic Media Devices 18Actions if You Suspect a Breach 18Procedures, Weill Cornell Campus UnitsPCI DSS Compliance Certification 20Credit Card Information and Email 20Establishing a Merchant Account 20Decommissioning Computer Systems and Electronic Media Devices 20Protecting Sensitive Information 20Third-Party Outsourcing 21Transaction Reconciliation 21Processing Refunds 21Handling a Customer Disputed Charge 21Posting and Reconciling Transactions 2121111145671013141720
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessCONTENTS, continuedCanceling a Merchant ID 22Actions if You Suspect a Breach 22Index 233
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessRELATED RESOURCESUniversity Policies and Documents Applicable to All Units of the UniversityUniversity Policy 3.1, Accepting University GiftsUniversity Policy 3.2, Travel ExpensesUniversity Policy 3.6, Financial Irregularities, Reporting and InvestigationUniversity Policy 3.20, Cost Transfers on Sponsored AgreementsUniversity Policy 3.22, Safekeeping of Financial Assets, Including Cash, Checks, and SecuritiesUniversity Policy 3.25, Procurement of Goods and ServicesUniversity Policy 4.2, Transaction Authority and Payment ApprovalUniversity Policy 4.7, Retention of University RecordsUniversity Policy 5.1, Responsible Use of Information Technology ResourcesUniversity Policy 5.10, Information SecurityUniversity Policies and Documents Applicable to Only Ithaca Campus UnitsUniversity Policy 4.3, Sales Activities on CampusUniversity Policy 4.12, Data Stewardship and CustodianshipUniversity Policy 5.3, Use of Escrowed Encryption KeysUniversity Policy 5.4.1, Security of Information Technology ResourcesUniversity Policy 5.4.2, Reporting Electronic Security IncidentsCornell’s PCI Incident Response PlanPolicies and Documents Applicable to Only Weill Cornell Campus UnitsUniversity Policy 3.2.1, Travel and Business Expense Reimbursement, WCMWCM Policy 12.5, PCI PolicyExternal DocumentationPCI Security Standards CouncilPCI Security Standards Council List of Validated Payment ApplicationsUniversity Forms and SystemsIthaca Campus UnitsWeill Cornell Campus UnitsApplication for Credit Card Merchant AccountsmyCertificates (Security Awareness Training)Credit Card Awareness TrainingWCM File Transfer ServicePCI Self-Assessment Questionnaire (SAQ)Guidelines and DocumentsUnit Training Attestation4
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessCONTACTSDirect any general questions about this policy to your college or unit administrativeoffice. If you have questions about specific issues, contact the following offices.Contacts, Ithaca Campus UnitsSubjectContactTelephoneEmail/Web AddressPolicy ClarificationCash Management(607) 254-1590cashmanagement@cornell.eduBreach, ReportingCash Management(607) 254-1590cashmanagement@cornell.eduIT Security Office(607) 255-6664pci-help@cornell.eduContracts with Third-PartyProvidersProcurement and PaymentServices(607) 255-3804Departmental JournalCreditCash Management(607) 254-1590cashmanagement@cornell.eduGeneral Credit Card –Related QuestionsCash Management(607) 254-1590cashmanagement@cornell.eduCredit Card ProcessorSupport LinesFreedomPay(877) 888-8430Elavon(800) 725-1245PCI Compliance, Technicalor SecurityIT Security Office(607) 255-6664pci-help@cornell.eduSales Tax and Other TaxIssuesUniversity Tax Office(607) dfa.cornell.edu/procurement/(available 24/7)www.dfa.cornell.edu/tax/5
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessCONTACTS, WEILL CORNELL CAMPUS UNITSContacts, Weill Cornell Campus UnitsSubjectContactTelephoneEmail/Web AddressPrivacy Office(212) 746-1121privacy@med.cornell.eduPolicy ClarificationBreach, Reporting aInformation Security(646) 962-3010its-security@med.cornell.eduContracts with Third-PartyProvidersOffice of University Counsel(212) 746-0463jkahn@med.cornell.eduPCI Compliance, BusinessPracticesPrivacy Office(212) 746-1121privacy@med.cornell.eduController, Finance(646) 962-3635jos2067@med.cornell.eduPCI Compliance, Technicalor Security IssuesInformation Security(646) 962-3010its-security@med.cornell.eduSales Tax or UnrelatedBusiness Income IssuesFinance Department ComplianceOffice(646) 962-3695pat2005@med.cornell.edu6
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessDEFINITIONSThese definitions apply to terms as they are used in this policy.AcquirerThe bank or financial institution that accepts credit and or debit cardpayments for products or services on behalf of a merchant. The termacquirer indicates that the bank accepts or acquires transactionsperformed using a credit card issued by all banks within the cardindustry.BankA financial institution that provides merchant accounts to enable aunit to accept credit card payments. Funds are deposited into anaccount established at this institution.BreachAlso called “data breach.” An incident wherein information is stolen ortaken from a system without the knowledge or authorization of thesystem's owner. Stolen data may involve sensitive, proprietary, orconfidential information, such as credit card numbers, customer data,trade secrets or matters of national security.Card Verification Code or ValueA data element on a card's magnetic stripe that uses securecryptographic process to protect data integrity on the stripe, andreveals any alteration or counterfeiting. Referred to as the following,depending on payment card brand: CAV – Card Authentication Value – JCBCVC – Card Validation Code – MasterCardCVV – Card Verification Value – Visa and DiscoverCSC – Card Security Code – American Express (AMEX)Also, the rightmost three-digit value printed in the signature panelarea on the back of the card (for Discover, Visa, MasterCard) or thefour-digit number printed above the primary account number (PAN)on the face of the card (for AMEX). CID – Card Identification Number – AMEX and DiscoverCAV2 – Card Authentication Value 2 – JCBCVC2 – Card Validation Code 2 – MasterCardCVV2 – Card Verification Value 2 – VisaChargebackThe deduction of a disputed sale previously credited to a unit’saccount when the unit fails to prove that the customer authorized thecredit card transaction.Confidential InformationAlso called “Level 1 Information.” Information that has beendetermined by institutional information stewards to require the highestlevel of privacy and security controls. Currently, any information thatcontains any of the following data elements, when appearing inconjunction with an individual’s name or other identifier, is consideredto be confidential (level 1) information: Credit Card Advisory Group (CCAG)Social Security numberCredit card numberDriver's license numberBank account numberProtected health information, as defined in the HealthInsurance Portability and Accountability Act (HIPAA)A group of individuals that works with campus stakeholders to identifynecessary compliance activities or technology solutions,recommends updates to this and other policies, and advises the7
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessDEFINITIONS, continuedexecutive vice president and chief financial officer on PCIrequirements.CustomerAn individual or other entity that makes a payment to the universityfor goods or services.e-CommerceBusiness transactions that are conducted via the Internet. For thepurposes of this policy, e-Commerce refers to credit card transactionsthat are made online.Data BreachSee “Breach.”Lockbox ProcessingA method of processing through a lockbox is a service offered bycommercial banks to organizations that simplifies collection andprocessing of account receivables by having those organizations'customers' payments mailed directly to a location accessible by thebank. See Table 1, Methods of Processing Transactions, in theProcedures, Ithaca Campus Units section of this policy.MerchantA unit that accepts credit cards as a method of payment.Merchant DiscountA percent or per-transaction fee that is deducted from the unit's grosscredit card receipts and paid to the bank.Merchant ID (MID)An account established for a unit by a bank to credit sale amountsand debit processing fees.Merchant FeeA percent and/or per-transaction fee that is deducted monthly fromthe unit's gross credit card receipts and paid to the bank. Feestypically encompass service fees, discounts and interchange feespassed along from Visa/MasterCard.P2PEPoint-to-point encryption. A standard created by the Payment CardIndustry Security Standards Council (PCI SSC) in which credit carddata is encrypted immediately upon swiping/dipping the card at theterminal and remains encrypted until it reaches the processor.Devices must be reviewed and approved by the PCI SSC before theycan be listed as PCI-validated P2PE devices.Payment Card Industry DataSecurity Standards (PCI DSS)A set of comprehensive requirements for enhancing payment accountdata security, developed by the PCI SSC to help facilitate the broadadoption of consistent data security measures on a global basis.PCI DSS Security AwarenessTrainingAn online training program, available through CULearn for Ithacacampus units, and through myCertificates for Weill Cornell Medicine(WCM) campus units, that includes information on compliantprocesses (business and technical) and changes in industrystandards.PCI Security Standards CouncilAn organization for the ongoing development, enhancement, storage,dissemination, and implementation of security standards for accountdata protection in the payment card industry, through education andawareness. The organization was founded by American Express,Discover Financial Services, JCB International, MasterCardWorldwide, and Visa, Inc.(PCI SSC)Personal Identification Number(PIN)A numeric password known only to the user and a system toauthenticate the user to the system.POSPoint-of-sale device. A device that is used by a customer or thecashier to process a credit card payment.Primary Account Number (PAN)The 16-digit (15-digit for AMEX) account number on the credit card.Report on Compliance (ROC)An annual certification report issued by the PCI SSC to a third-partyprovider that has been validated as PCI-compliant.8
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessDEFINITIONS, continuedSelf-Assessment Questionnaire(SAQ)A form used as self-validation tool to assist merchants and serviceproviders in evaluating their compliance with PCI Data SecurityStandards (PCI DSS). For more information, contact CashManagement. Consult PCI SSC for the appropriate SAQ. SeeRelated Resources.Terminal and PrinterA method of processing credit cards at the university. See Table 1,Methods of Processing Transactions, in the Procedures, IthacaCampus Units section of this policy.UnitA college, department, program, research center, business servicecenter, office, or other operating unit.9
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessRESPONSIBILITIES, ITHACA CAMPUS UNITSThe following are the major responsibilities each party has in connection with this policy.Cash ManagementNegotiate all contracts with credit card companies.Review requests for new merchant IDs (MIDs), and establish whereappropriate.Consult with units regarding merchant accounts, merchant discounts,and all other aspects of this policy.Keep current with Payment Card Industry Data Security Standards(PCI DSS) regulations and make changes to processes, asappropriate.Coordinate and account for annual PCI DSS requirements: Provide PCI security awareness training portal to units.Collect, from every unit, signed and dated attestations thatall appropriate individuals have completed the annualsecurity awareness training.o Coordinate and review quarterly scans.Confirm that units using third-party providers have submittedproper documentation.oCornell IT Security Office(ITSO)Review unit Self-Assessment Questionnaire (SAQ)completion status; collaboratively work with units thathave an incomplete/fail status toward a successfulcompletion of this requirement.Submit annually the necessary documentation toacquirer for PCI certification at the university level.Maintain security standards as required by this policy.Keep current with PCI DSS regulations and make changes to toolsand processes, as appropriate.Consult with units on technical PCI DSS issues.Assist units when there are data breaches.Assist Cash Management in its mandatory annual training sessions.Credit Card Advisory Group (CCAG)Work with campus stakeholders to identify necessary PCI complianceactivities or technology solutions in compliance with the latest lawsand standards.Recommend updates to this and other policies related to acceptingcredit card payments in compliance with the latest laws andstandards.Advise the executive vice president and chief financial officer andother leadership stakeholders on PCI requirements, business needs,and compliance objectives.Cornell Procurement andPayment ServicesConsult with units regarding service contracts for third-partyoutsourcing of PCI-compliant credit card processing systems.When evaluating contracts on behalf of units, verify that the contractstates that it will become null and void if the vendor does not maintainPCI DSS compliance.IndividualReport any breaches to the IT Security Office and Cash Management,according to the “Reporting Breaches” section of this policy.Senior Finance Officer orDesigneeAttest annually to Cash Management confirming unit’s completion ofthe PCI security awareness training requirement.Approve (by signing a form) all applications for new MID requests.10
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessRESPONSIBILITIES, ITHACA CAMPUS UNITS, continuedUnit Processing PaymentsDetermine whether accepting credit cards will benefit the unit andwhether there is a valid business purpose.Applying for a Merchant ID (MID)Submit to the senior finance officer or designee for approval acompleted application for a new MID.Once approved by the senior finance officer or designee, submitapproved MID application to Cash Management.Administering the Credit Card ProcessMaintain security standards and employ procedures as required bythis policy, no matter what type of credit card processing is utilized.Provide proper unit controls regarding who may process credit cardtransactions (e.g., terminal passwords may be established for returntransactions).Maintain a segregation of duties between employees who processcredit card transactions, those who reconcile daily batches, and thosewho post to the general ledger.Charge sales tax where appropriate.Annually complete a merchant SAQ. (See Related Resources.)Taking Credit Card PaymentsGet an authorization from the bank for every transaction.Validate that the signature on the card reasonably matches thesignature of the purchaser.If the card says “see Photo ID” - validate that the photo ID matchesthe name on the card of the purchaser.Accept credit cards only for sales that are not prohibited (see theProhibited Credit Card Activities segment of this document).Complete an annual PCI self-assessment questionnaire, and submit itto Cash Management. (See Related Resources.)Ensure that anyone responsible for and/or involved with credit cardprocessing (sales, reconciliation, management of these individuals,technical support) attests to having taken the annual PCI DSSSecurity Awareness Training, and being fully trained and apprised ofunit and university policies and procedures for handling credit cardtransactions. Submit to Cash Management a signed and datedattestation that this requirement was met.Charge sales tax where appropriate.When a Card is not Present (e.g., Telephone Payment or OrderForm)Obtain the expiration date for use in the authorization process.Obtain an authorization from the bank for every transaction.Retain a copy of the confirmation.Destroy the card number after process completion with a cross-cutshredder.Handling Transactions after the SaleBalance and transmit transactions to the bank daily, if using aterminal. Complete and submit an electronic journal as part of thebatch closing process.Keep copies of credit card receipts and journal/register tapes. Storethem as securely as you would any confidential information. After aretention period of six months, destroy them with a cross-cutshredder.11
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessRESPONSIBILITIES, ITHACA CAMPUS UNITS, continuedReconcile the monthly credit card statement with the general ledger(KFS) within 30 calendar days of the receipt of the statement.Respond to all disputed charges, in writing, within two business daysof the receipt of the notice.Process refunds according to this policy.Reconcile internal sales records to the Kuali Financial System (KFS).If Using Third-Party OutsourcingConsult with Procurement and Payment Services before signing aservice contract.Annually attach a Report on Compliance (ROC), validating PCI DSScompliance of any third-party provider with your completed SAQ.12
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessRESPONSIBILITIES, WEILL CORNELL CAMPUS UNITSThe following are the major responsibilities each party has in connection with this policy.IndividualRecord RetentionKeep copies of credit card receipts and related documents. Storethem as securely as you would any confidential information.Destroy records after six months.Send all supporting documents to Finance promptly.Disputed Charges and RefundsRespond to all disputed charges, in writing, within two business daysof the receipt of the notice.Process refunds according to this policy.Director of Security, Identity, &IT Business ContinuityMaintain security standards as required by this policy and ITS policy12.5 – PCI Policy.Keep current with PCI DSS regulations and make changes to tools,processes, and the ITS PCI policy, as appropriate.Assist with providing adequate training content for individualsprocessing credit card transactions.Consult, advise, and perform risk assessments pertaining to technicalPCI DSS issues or when onboarding new merchants.Assist with incident response, including activation of the Security &Privacy Incident Response Plan, as needed.UnitInstitute proper controls regarding who may process credit cardtransactions.Monitor adherence to this policy.Maintain a segregation of duties between employees who processcredit card transactions, those who reconcile daily batches, and thosewho post to the general ledger.Complete an annual PCI self-assessment questionnaire (SAQ). (SeeRelated Resources.)At Point of Sale, When a Card is PresentedCheck the signature on the card and compare it to that of the personpaying for the service or making the donation.Check the expiration date on the card to make certain that the card isvalid.Process the payment and obtain a confirmation (authorizationnumber) from the bank for every transaction.Accept credit cards only for purchases that are not prohibited (see theProhibited Credit Card Activities segment of this document).Post payments in a timely manner.At Point of Sale, When Only a Card Number is Provided(Telephone Payment)Process the payment and obtain a confirmation (authorizationnumber) from the bank for every transaction.Retain a copy of the confirmation.Post payments in a timely manner.Destroy any physical information after processing.When a Third Party Processes a PaymentObtain confirmation of the payment.Process the payments.13
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessPRINCIPLESIntroductionA university unit that sells goods or services may choose to accept credit cards fromits customers as a payment option. Credit cards may be accepted only for goods,services, non-degree course registration fees, and gifts to the university. Note: This policy does not cover third party vendors selling goods or services oncampus. For more information, see University Policy 4.3, Sales Activities on Campus.Prohibited CreditCard ActivitiesProhibited credit card activities include, but are not limited to: The disbursement of cash from the university, including cash advances andamounts over a sale amount, except for travel advances on corporate creditcards (for more information, see university policies 3.2 and 3.2.1, regardinguniversity travel). Adjusting the price of goods or services based on the method of payment(e.g., giving a discount to a customer for paying with cash).For more information, contact Cash Management (at Weill Cornell Medicine (WCM),contact the controller in the Finance Department).Overall responsibility for a unit’s credit card system rests with the unit’s seniorfinance officer. Caution: Your unit should not accept credit cards unless there is a valid businessneed. When considering accepting credit cards, contact Cash Management. Note: A unit that sells goods and services, irrespective of the method of payment,must evaluate whether the sale requires the collection of sales tax and/or thereporting of unrelated business income. Contact the University Tax Office, (or, atWCM, the Finance Department Compliance Office), for additional guidance.Credit Card AdvisoryGroup (C-CAG)The Credit Card Advisory Group (C-CAG) serves as a resource for campusstakeholders for identifying necessary compliance activities or technology solutionsand reviews and recommends updates to this and other policies related to credit cardpayment processing, in compliance with the latest laws and standards. C-CAG alsoadvises the executive vice president and chief financial officer and other leadershipstakeholders on PCI requirements, business needs, and compliance objectives.PCI DSS ComplianceThe credit card industry has developed technical and business standards that affectthe way in which credit card business is conducted, called “Payment Card IndustryData Security Standards” (PCI DSS) (www.pcisecuritystandards.org).Cornell has developed PCI-compliant procedures for every method of paymentprocessing at Cornell. Every entity engaged in processing credit card transactions14
Cornell Policy LibraryVolume: 3, FinancialManagementResponsible Executive:Executive Vice President andCFOResponsible Office: Office ofthe TreasurerOriginally Issued: January 2001Last Full Review: July 13, 2018Last Updated: April 22 2020POLICY 3.17Accepting Credit Cards to Conduct University BusinessPRINCIPLES, continuedmust comply with this structure. Prior to accepting credit cards, the unit mustconsult with Cash Management (at WCM, the Assistant Controller in the FinanceDepartment) to determine the most efficient and secure processing method thatmeets unit business needs within the centrally developed processing structure.Acceptable CreditCardsFor Ithaca campus units, please check the Treasurer’s website for information.In WCM units, the university currently accepts Visa, MasterCard, Discover, andAmerican Express. Caution: Units are prohibited from negotiating their own contracts with credit cardcompanies or third-party vendors. For more information, contact Cash Management(at WCM, contact the controller in the Finance Department).Security andTechnical StandardsAll processes, procedures, or technologies must meet the required security standardsoutlined in the “Payment Card Industry Data Security Standards” (PCI DSS). Prior
Apr 22, 2020 · Accepting Credit Cards to Conduct University Business DEFINITIONS, continued 8 executive vice president and chief financial officer on PCI requirements. Customer An individual or other entity that makes a payment to the university for goods or services. e-Commerce Business
Radiance Dental 19301 SE 34th St Ste 101 Camas, WA 98607 360-369-6420 Accepting New Patients Plans: SmartSmile (Accepting New) Super SmartSmile (Accepting New) . Bright Now! Dental 2101 NE 129th St Ste 101 Vancouver, WA 98686 360-574-4574 Language: Vietnamese Accepting New Patients Plans:
Accepting Credit Card Payments . Policy Statement Harvard University accepts credit cards as payment from external parties for certain goods, services, or gifts. Harvard mandates that all credit card-accepting local units, called “merchants,” do the following: 1. For one-time sales, use the Universi
uate the quality of grain damaged by rodents with respect to nutritional value, infection by moulds and aflatoxin contamination. 2 Materials and methods 2.1 Study area The study was conducted in Mwarakaya ward (03 49.17́'S; 039 41.498′E) located in Kilifi-south sub-county, in the low landtropical(LLT)zoneofKenya.Thisstudy site wasselect-
University Policy 3.14, Business Expenses University Policy 3.19, Telephone Usage University Policy 4.8, Alcohol and Other Drugs University Policy 6.2.1, Leaves for Professors and Academic Staff University Policy 6.5, University Volunteers University Policy 6.13, Disability Accommodation Process for Faculty and Staff
Toys and Technology Policy Science Policy End of Day Policy Substitute Policy Sick Policy Co-Op Closure Policy Events Outside of Co-op Volunteer Responsibilities Cooperative Policy Age group Coordinator . 3 Lead & Co-Teaching Policy Co-Teaching Policy Class Assistant
address-family ipv6 unicast network . 2001:468::/48 route-policy EX1 redistribute connected route-policy EX2 neighbor 2001:db8::1 route-policy EXAMPLE1 in route-policy EXAMPLE2 out vrf FOO address-family ipv6 unicast import route-policy EXAMPLE1 export route-policy EXAMPLE2 Single-policy at attachment point Attach a policy at:
April 2018 Name of Policy Child protection and Safeguarding Policy, Education Scotland – Inclusion and Equality Description of Policy Policy Number Policy Status New Revision of Existing Policy Withdrawal of Policy Scottish Government Adopted Author Monica McGeever, Lead Officer Safeguarding Owner and business area Inclusion and Equality
The NHS coronavirus action plan (issued on 3 March 2020), makes clear that ‘at all phases of a future pandemic, the NHS/HSCNI and local authorities have plans in place to ensure people receive the essential care and support services they need – and sometimes this might mean that other services are reduced temporarily’. It also states that as the disease moves into different phases ‘the .
