The following information is an overview of the credit/debit card standards and requirements described in the University of Maine System’s Administrative Practice Letter (APL), “Credit/Debit Card Standards,” with additional information specific to the University of Maine. The APL “establishes procedures and requirements for University of Maine System (UMS) departments accepting payments by credit/debit card…and applies to all departments, individuals, and entities…involved in acceptance of credit/debit card payments on behalf of the UMS.” Click here to view the APL in its entirety (PDF).
The Payment Card Industry (PCI) Security Standards Council has a very thorough standard in place to ensure that merchants safeguard cardholder information. This is known as the Payment Card Industry Data Security Standard (PCI DSS). Click here for a copy of the PCI DSS and other related information.
In order to continue processing credit card payments using a personal computer, you must comply with the following requirements.
You must access the on-line site via a computer that is isolated in a single location and not connected to other locations or systems. This means you will need:
In addition, all departments accepting credit cards must comply with the following security procedures relating to the handling of cardholder data. Cardholder data consists of, at a minimum, the personal account number (PAN). Cardholder data may also be in the form of the PAN plus any of the following: cardholder name, expiration date, and/or card verification value (CVV).
In order to continue to enter credit card payments on-line, you must follow the University of Maine Procedures for PCI DSS Virtual Terminal Compliance
Those departments that elect to continue to manually process credit card transactions via a virtual terminal as identified above must complete the following tasks to properly comply with the terms in this message:
Department must register the computer with UMaine IT (Andy Moody-207-581-1592) by providing the following:
Failure to comply with the terms of this registration can result in disconnection of the PC from the campus network.
Alternative Processing Procedure:
If you no longer wish to enter credit card donations directly, please submit them to the Gift Processing Office in Alumni Hall, along with a Credit Card Gift Submittal Form, available on the Gift Processing web site.
In addition, you must comply with the security procedures listed above relating to the handling of cardholder data. Credit card donation information cannot be sent through campus mail and must be hand delivered.