The preferred e-Commerce implementation is through the University web payment gateway (IPAY), together with CASHNet’s eMarket storefront or checkout. The department is responsible for developing an interface to the IPAY gateway based on standards specified by the UFIT liaison of the E-Commerce Committee. Any exception to this practice must be approved by the University Controller’s Office.
Credit card merchants at the University of Florida are required to follow strict procedures to protect customers’ payment card data and to attest to compliance with the Payment Card Industry Data Security Standards (PCI DSS). Appropriate integration with the University’s financial and other systems must also be ensured.
All University departments whose personnel store, process or transmit cardholder information. This also applies to units that outsource the processing of payment card information to third party vendors.
The process to set up an e-Commerce account takes approximately 1-2 months.
Contact Merchant Services to discuss the needs of the department/unit and, if needed, to select a service provider that is both University and PCI approved.
View service providers at https://usa.visa.com/splisting/splistingindex.html.
After all prerequisites have been completed:
The E-Commerce Committee reviews all applications involving credit card sales over the Internet. The Committee may include representatives from Finance and Accounting, Auxiliary Accounting and Educational Business Activities Enterprise Review Committee, the webmaster, UFIT, and UFIT Security.
Applications are reviewed for:
If an exception to an IPAY or CASHNet implementation is requested, the merchant must provide proof that the alternate e-Commerce vendor is certified PCI-compliant and ensure that the department and its vendor comply with all relevant provisions of the University of Florida Information Technology Directives, Security Policy, and the UF Standards on Credit Cards.
All third-party service providers under contract with the University of Florida must be PCI DSS compliant. Departments that contract with third-party service providers must maintain a list that documents their service providers and:
This also applies if the merchant’s e-Commerce website does not receive cardholder data but controls how consumers or their cardholder data are redirected to a PCI DSS validated third-party payment processor.
Any significant changes to current processes planned by currently active e-Commerce merchants must be reviewed and approved by the E-Commerce Committee prior to implementation. Such changes include (but are not limited to):
Proposed changes should be submitted to Merchant Services for review by the University Controller’s Office.
Please contact your applicable third-party provider involved with your e-Commerce implementation to inquire about set up, transaction, and any other recurring fees.
Do NOT:
It is perfectly acceptable, and encouraged, for students and customers to make online payments from their personal devices.
Deposits – Recording Credit Card Settlements
PCI Security Standards Council
TRM125 – Payment Card Security Awareness Training
Banking & Merchant Services: (352) 392-9057
Treasury-creditcards@ad.ufl.edu
UF-Credit-Card-Merchant-Policy