Campus Merchant Departments

Merchant Department Responsibilities

Binghamton University must comply with the PCI DSS in order to be authorized by the card brands (VISA, MasterCard, Discover, and American Express) to continue accepting credit cards as form of payment. Maintaining compliance is challenging for a rapidly growing, complex, decentralized organization like BU.

Each merchant account brings additional responsibilities for safeguarding sensitive data and compliance documentation is complicated with the various methods and systems in which BU merchants accept and process payments. Achieving and maintaining compliance requires a collaborative effort between Revenue Accounting, ITS, and all merchant departments across campus.

• PCI DSS Guidelines for Merchant Departments
• Merchant Request to Accept Credit Card Payments

Merchant Responsibilities

• Assign a PCI coordinator to structure and maintain PCI compliance as it relates to your merchant account. The PCI coordinator will work closely with Revenue Accounting and ITS to establish and maintain compliance.
• Determine the appropriate access to the cardholder data environment and to any systems with access to cardholder data based on "need to know" and define procedures for authorizing, maintaining and decommissioning that access.
• Define the roles and responsibilities of all employees, volunteers, and students as it pertains to the PCI DSS and ensure that all individuals participate annually in PCI DSS training.
• Establish appropriate business procedures for storing, transmitting and processing credit card data in your area(s) via electronic systems and/or paper forms.
• Keep merchant business procedures, staff training log and acknowledgement, Attestations of Compliance, PCI DSS contract language excerpts, visitor logs, swipe terminal inventory and inspection log, and any other required information up-to-date in the PCI DSS Documentation shared folder.
• Keep current with required technology upgrades so hardware and software are kept in compliance with the evolving life cycle of the PCI DSS.
• Seek opportunities to reduce PCI risk and PCI scope for your merchant account.