Skip to content

    Pages for:

  • Faculty
  • Staff
  • Students
Cornell University
Cornell University
Office of the Treasurer
  • About
    • Contact
    • Events
    • News
  • Cash Management
    • Processing International Funds
      • Int’l Currency Conversion
      • International Exchange Rates
    • Processing Credit Cards
      • Getting Set Up
        • Requirements
        • Setting Up a New Merchant ID
        • Changing Your Merchant Setup
        • Choosing a Processing Option
        • Merchant IDs and KFS Accounts
        • Reporting Tools
      • PCI Compliance
        • Data Storage Requirements
        • Network Requirements
        • Data Compromise Management
        • Annual PCI Requirements
          • Security Awareness Education
        • Glossary
        • Contacts
      • FreedomPay Support, Guides and Forms
    • Processing Cash and Checks
      • Armored Car Service
      • Lockbox Processing
      • Remote Deposit Capture
      • Spotting Counterfeit Currency
      • Spotting Forged Checks
    • Processing Wires and ACH Payments
    • Paying Vendors by Wire, ACH, or Draft
    • Unidentified Receipts
    • Policies and Training
    • Forms
  • Debt
    • Investor Relations
      • Bond Financing Disclosure
      • CU Debt Rating
      • Bonds, Mortgages, Notes Payable
      • Bond Offering Circulars
    • Internal Debt
      • Internal Borrowing Guidelines
      • Internal Borrowing Rate
      • Loan Program for Captial Projects
    • Private Use Compliance
      • Private Use Policy and Guidelines
      • Private Use Questionnaires
      • Buildings Funded with Tax-Exempt Debt
  • forms
  • CU policies
  • training
  • KFS Support
  • e-SHOP

In this section

  • Processing International Funds
    • Int’l Currency Conversion
    • International Exchange Rates
  • Processing Credit Cards
    • Getting Set Up
      • Requirements
      • Setting Up a New Merchant ID
      • Changing Your Merchant Setup
      • Choosing a Processing Option
      • Merchant IDs and KFS Accounts
      • Reporting Tools
    • PCI Compliance
      • Data Storage Requirements
      • Network Requirements
      • Data Compromise Management
      • Annual PCI Requirements
        • Security Awareness Education
      • Glossary
      • Contacts
    • FreedomPay Support, Guides and Forms
  • Processing Cash and Checks
    • Armored Car Service
    • Lockbox Processing
    • Remote Deposit Capture
    • Spotting Counterfeit Currency
    • Spotting Forged Checks
  • Processing Wires and ACH Payments
  • Paying Vendors by Wire, ACH, or Draft
  • Unidentified Receipts
  • Policies and Training
  • Forms

Processing Credit Cards

The university supports the acceptance of credit cards as payment for goods and services to improve customer service, bring efficiencies to Cornell’s cash collection process, and increase the sales volume of certain types of transactions. In addition, the university must support unit compliance with industry standards governing credit card transaction processing, specifically Payment Card Industry Data Security Standards (PCI DSS).

All units must familiarize themselves with and adhere to the procedures set forth in Cornell University Policy 3.17 Accepting Credit Cards to Conduct University Business, the university's PCI Incident Response Plan (PDF, 642 KB) and the PCI DSS requirements.

Unit Requirements for Accepting Credit Cards to Conduct University Business

  • Contact Cash Management to establish a merchant ID (MID) and begin the setup process
  • Contact Cash Management to make changes to a merchant setup
  • Perform quarterly scans for IP-enabled processes
  • Complete an annual Self Assessment Questionnaire (SAQ)
  • Complete annual training for all staff members handling credit card data
  • Submit an annual Report on Compliance when using a third-party vendor
  • Create and maintain business process and technical documentation for credit card processing

What are Payment Card Industry Data Security Standards (PCI DSS)?

The Payment Card Industry Data Security Standards (PCI DSS) are multifaceted security standards that include requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. These comprehensive standards are intended to help organizations proactively protect customer account data by providing a 12-requirement structure for securing cardholder data that is stored, processed and/or processed and/or transmitted by merchants and other organizations. These standards were developed by the PCI Security Standards Council, a global organization founded by the five major credit card companies with the intent of producing, maintaining, and educating merchants on standard practices and procedures to transact credit card business securely.

Non-Compliance Risks

For the University

Cornell’s merchant status would be revoked by the acquirer, a mandate from the card issuers.

For the Merchant

The financial repercussions of non-compliance can be significant, especially in the event of a breach, and can have a domino effect on your business. Merchants who are compromised or found not to be in compliance risk incurring a number of fiscal and intangible costs, including, but not limited to, the following:

  • Paying...
    • to provide credit watch services to affected customers
    • a call center to assist compromised customers with questions or concerns about the breach of information
    • to notify all customers that are potentially at risk of having their credit card information compromised/stolen
    • a firm to perform a forensic exam, which can stall operations
    • fines levied by the credit card issuers and/or the acquiring entity
  • Having money held in escrow against future incursions
  • Recovering from damage to the company's brand
  • Losing the confidence of and good relations with customers, donors, parents, and students

For the Cardholder (your customer)

Customers can endure significant consequences when merchants fail to comply with accepted standards, including, but not limited to, the following:

  • Having his or her account blocked during reissuance process
  • Having his or her identity stolen

Office of the Treasurer

395 Pine Tree Road, Suite 330
Ithaca, NY 14850

CONTACT US

Email:  treasurer@cornell.edu
Phone: (607) 254-1590
Hours: 8:00 a.m. - 5:00 p.m., Monday - Friday

 

  • Site Feedback
  • CUInfo
  • Executive Vice President and CFO
  • University Audit Office
  • Office of University Investments
  • Division of Budget and Planning
  • Risk Management and Insurance
  • Alliance for Diversity and Inclusion
  • Cornell United Way
  • Campus Alerts

©2019 Cornell University

Web Accessibility Assistance