Skip to content

    Pages for:

  • Faculty
  • Staff
  • Students
Cornell University
Cornell University
Office of the Treasurer
  • About
    • Contact
    • Events
    • News
  • Cash Management
    • Processing International Funds
      • Int’l Currency Conversion
      • International Exchange Rates
    • Processing Credit Cards
      • Getting Set Up
        • Requirements
        • Setting Up a New Merchant ID
        • Changing Your Merchant Setup
        • Choosing a Processing Option
        • Reporting Tools
      • FreedomPay Support, Guides and Forms
    • Processing Cash and Checks
      • Armored Car Service
      • Cash Deposits
      • Lockbox Processing
      • Remote Deposit Capture
      • Spotting Counterfeit Currency
      • Spotting Forged Checks
    • Processing Wires and ACH Payments
    • Paying Vendors by Wire, ACH, or Draft
    • Unidentified Receipts
    • Policies and Training
    • Forms
  • Debt
    • Investor Relations
      • Bonds, Mortgages, Notes Payable
      • Bond Offering Circulars
      • CU Debt Rating
      • Continuing Disclosure Information
      • Green Bonds
    • Internal Debt
      • Internal Borrowing Guidelines
      • Internal Borrowing Rate
      • Loan Program for Captial Projects
    • Private Use Compliance
      • Private Use Policy and Guidelines
      • Private Use Template: Cornell Staff Resource
      • Buildings Funded with Tax-Exempt Debt
  • forms
  • CU policies
  • training
  • KFS Support
  • e-SHOP

In this section

  • Processing International Funds
    • Int’l Currency Conversion
    • International Exchange Rates
  • Processing Credit Cards
    • Getting Set Up
      • Requirements
      • Setting Up a New Merchant ID
      • Changing Your Merchant Setup
      • Choosing a Processing Option
      • Reporting Tools
    • FreedomPay Support, Guides and Forms
  • Processing Cash and Checks
    • Armored Car Service
    • Cash Deposits
    • Lockbox Processing
    • Remote Deposit Capture
    • Spotting Counterfeit Currency
    • Spotting Forged Checks
  • Processing Wires and ACH Payments
  • Paying Vendors by Wire, ACH, or Draft
  • Unidentified Receipts
  • Policies and Training
  • Forms

Processing Credit Cards

The university supports the acceptance of credit cards as payment for goods and services to improve customer service, bring efficiencies to Cornell’s cash collection process, and increase the sales volume of certain types of transactions. In addition, the university must support unit compliance with industry standards governing credit card transaction processing, specifically Payment Card Industry Data Security Standard (PCI DSS).

All units must familiarize themselves with and adhere to the procedures set forth in Cornell university policies 3.17 Accepting Credit Cards to Conduct University Business and 5.4.2, Reporting Security Incidents, the university's PCI Incident Response Plan (PDF, 642 KB) and the PCI DSS requirements.

Processing through PayPal: Do not set up a PayPal account on your own! It must be opened with help from the Office of the Treasurer. Merchants who process a limited number of credit card transactions per year may choose to open a PayPal account to accept payments. Before you do so, contact Cornell PayPal Administration with estimates of the number of transactions you will process and the amount of annual revenue you expect to receive through this method.

Unit Requirements for Accepting Credit Cards to Conduct University Business

  • Contact Cornell Credit Card Payment Processing to establish a merchant ID (MID) and begin the setup process
  • Contact Cornell Credit Card Payment Processing to make changes to a merchant setup
  • Perform quarterly scans for IP-enabled processes
  • Complete an annual Self Assessment Questionnaire (SAQ). You may need to complete more than one SAQ, depending on the credit card environment.
  • Complete annual training for all staff members handling credit card data
  • Obtain an annual Attestation of Compliance when using a third-party vendor
  • Create and maintain business process and technical documentation for credit card processing

What is the Payment Card Industry Data Security Standard (PCI DSS)?

The Payment Card Industry Data Security Standard (PCI DSS) is a multifaceted security standard that include requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. The comprehensive standard is intended to help organizations proactively protect customer account data by providing a 12-requirement structure for securing cardholder data that is stored, processed and/or processed and/or transmitted by merchants and other organizations. The standard was developed by the PCI Security Standards Council, a global organization founded by the five major credit card companies with the intent of producing, maintaining, and educating merchants on standard practices and procedures to transact credit card business securely.

Non-Compliance Risks

For the University

At worst, Cornell may be prohibited from accepting credit cards as payment.

For the Merchant

The financial repercussions of non-compliance can be significant, especially in the event of a breach, and can have a domino effect on your business. Merchants who are compromised or found not to be in compliance risk incurring a number of fiscal and intangible costs, including, but not limited to, the following:

  • Paying...
    • to provide credit watch services to affected customers
    • a call center to assist compromised customers with questions or concerns about the breach of information
    • to notify all customers that are potentially at risk of having their credit card information compromised/stolen
    • a firm to annually audit Cornell's credit card environment, which is required for companies who have suffered a breach
    • fines levied by the credit card issuers and/or the acquiring entity
  • Having money held in escrow against future incursions
  • Recovering from damage to the company's brand
  • Losing the confidence of and good relations with customers, donors, parents, and students

For the Cardholder (your customer)

Customers can endure significant consequences when merchants fail to comply with accepted standards, including, but not limited to, the following:

  • Having their account blocked during reissuance process
  • Having their identity stolen, which may lead to significant financial losses

Office of the Treasurer

260 Day Hall
Ithaca, NY 14853

CONTACT US

Email:  treasurer@cornell.edu
Wires/Payments: cashmanagement@cornell.edu
Hours: 8:00 a.m. - 5:00 p.m., Monday - Friday

 

  • CUInfo
  • Executive Vice President and CFO
  • University Audit Office
  • Office of University Investments
  • Division of Budget and Planning
  • Risk Management and Insurance
  • Cornell University Policy Office
  • Alliance for Diversity and Inclusion
  • Cornell United Way
  • Campus Alerts
  • COVID-19 Response

©2022 Cornell University

Web Accessibility Assistance