• Home
• Treasury Operations
• e-Commerce

e-Commerce

Treasury Operations acts as technical administrator for merchant card (card payment) locations and online event registration sites. This department is responsible for ensuring that the University as a whole is compliant with the PCI DSS (Payment Card Industry – Data Security Standards) and is committed to protecting cardholder data as well as other sensitive payment information. Treasury Operations is charged with moving the University toward electronic payments and receipts, while engaging teams and resources University-wide to help make PCI DSS compliance business-as-usual.

Getting Started with Merchant Card Processing

Prior to applying for a merchant card account to start receiving credit card payments, you must first read the following:

• Merchant Card Policy
• Merchant Card Processing Procedures
• Credit Card Security (PCI DSS Compliance)
  • PCI DSS Security Awareness Education
• Merchant Card Processing Request Form (EDITABLE – with Processing Procedures and SoD Matrix)
• Merchant Guide - Payment Solutions

To apply, download the Merchant Card Processing Request Form from the Quick Links section below.

Approvals are granted based on a department's ability to demonstrate:

• Business case strength
• Robustness of the business processes and procedures to ensure duty segregation, accuracy in daily balancing and reconciling transactions and timely creation of deposits (CRTs), monthly tie out of transactions against budget statements
• Presence of security policies geared towards the protection of cardholder data

If all the above have been met and vetted satisfactorily, and revisions are not needed, the timeline for approval still varies widely based upon many factors; especially significant would be the PCI Compliance/Validation and specific PCI contract readiness of any primary and nested TPSPs (Third Party Service Providers) selected to be involved in the Merchant's card processing solution. Typically, any process involving a TPSP may take many months, and may extend over a period of years. As TPSPs make greater efforts to be at the ready with PCI complaint, validated and scope-reducing solutions, this timeline may shrink. Thus, properly evaluating and then engaging with TPSPs that already have well developed PCI Compliance and validation efforts behind their solutions is always the first, and best, measure. Please visit the Credit Card Security (PCI DSS Compliance) page for more information.

Please contact us at ccard@northwestern.edu as you first begin the TPSP evaluation process and if you need assistance completing an application. If you require a terminal or terminals for short term use only, you can rent the required equipment by clicking on Terminal Rentals in Quick Links.

Quick Links

• Merchant Card Processing Request Form (EDITABLE – with Processing Procedures and SoD Matrix)

For any questions concerning the merchant card program and PCI Compliance, please contact us via email at ccard@northwestern.edu.

Online Event Registration

For online event registration questions, visit Online Event Registration.