Skip to content

    Pages for:

  • Faculty
  • Staff
  • Students
Cornell University
Cornell University
Office of the Treasurer
  • About
    • Contact
    • Events
    • News
  • Cash Management
    • Processing International Funds
      • Int’l Currency Conversion
      • International Exchange Rates
    • Processing Credit Cards
      • Getting Set Up
        • Requirements
        • Setting Up a New Merchant ID
        • Changing Your Merchant Setup
        • Choosing a Processing Option
        • Reporting Tools
      • FreedomPay Support, Guides and Forms
    • Processing Cash and Checks
      • Armored Car Service
      • Cash Deposits
      • Lockbox Processing
      • Remote Deposit Capture
      • Spotting Counterfeit Currency
      • Spotting Forged Checks
    • Processing Wires and ACH Payments
    • Paying Vendors by Wire, ACH, or Draft
    • Unidentified Receipts
    • Policies and Training
    • Forms
  • Debt
    • Investor Relations
      • Bonds, Mortgages, Notes Payable
      • Bond Offering Circulars
      • CU Debt Rating
      • Continuing Disclosure Information
      • Green Bonds
    • Internal Debt
      • Internal Borrowing Guidelines
      • Internal Borrowing Rate
      • Loan Program for Captial Projects
    • Private Use Compliance
      • Private Use Policy and Guidelines
      • Private Use Template: Cornell Staff Resource
      • Buildings Funded with Tax-Exempt Debt
  • forms
  • CU policies
  • training
  • KFS Support
  • e-SHOP

In this section

  • Processing International Funds
    • Int’l Currency Conversion
    • International Exchange Rates
  • Processing Credit Cards
    • Getting Set Up
      • Requirements
      • Setting Up a New Merchant ID
      • Changing Your Merchant Setup
      • Choosing a Processing Option
      • Reporting Tools
    • FreedomPay Support, Guides and Forms
  • Processing Cash and Checks
    • Armored Car Service
    • Cash Deposits
    • Lockbox Processing
    • Remote Deposit Capture
    • Spotting Counterfeit Currency
    • Spotting Forged Checks
  • Processing Wires and ACH Payments
  • Paying Vendors by Wire, ACH, or Draft
  • Unidentified Receipts
  • Policies and Training
  • Forms

Requirements

Several requirements must be fulfilled when handling credit card payments at Cornell: Cornell's requirements and PCI DSS requirements, outlined below.

Cornell Requirements

Direct questions about credit card equipment, reconciliations, etc. to Cornell Credit Card Payment Processing. Direct questions about PCI compliance to PCI Help.

  • All device-based processing must occur through a validated point-to-point (P2PE) solution offered by Arrow Payments. See Getting Set Up for more information.
  • All eCommerce transactions must be fully outsourced to a third-party platform.
  • Any employee who processes cards or accesses systems that contain data pertaining to credit card transactions must take the annual PCI compliance training (CASH 200 in CU Learn) upon hire and on an annual basis thereafter.
    • Anyone who supervises these employees must also take the training.

PCI DSS Requirements

Version 4.0 of the PCI DSS has recently been released and will take full effect in March 2024.
More information about v. 4.0, access these documents, which open in Cornell Box (a Cornell NetID login is required):
  • PCI DSS Summary of Changes v3.2.1 to v4.0
  • PCI DSS v4.0 At a Glance
  • PCI DSS v4.0

The core of the Payment Card Industry Data Security Standard (PCI DSS) is a group of principles and accompanying requirements, around which the specific elements of the data security standards are organized. These 12 comprehensive standards, developed by the PCI Security Standards Council, are intended to help organizations proactively protect customer account data.

 

Build and Maintain a Secure Network and Systems

  • Requirement 1: Install and maintain network security controls.
  • Requirement 2: Apply secure configurations to all system components.

Protect Account Data

  • Requirement 3: Protect stored cardholder data.
  • Requirement 4: Protect cardholder data with strong cryptography during transmissions over open, public networks.

Maintain a Vulnerability Management Program

  • Requirement 5: Protect all systems and networks from malicious software.
  • Requirement 6: Develop and maintain secure systems and software.

Implement Strong Access Control Measures

  • Requirement 7: Restrict access to system components and cardholder data by business need-to-know.
  • Requirement 8: Identify users and authenticate access to system components.
  • Requirement 9: Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

  • Requirement 10: Log and monitor all access to system components and cardholder data.
  • Requirement 11: Test security of systems and networks regularly.

Maintain an Information Security Policy

  • Requirement 12: Support information security with organizational policies and programs.

Office of the Treasurer

260 Day Hall
Ithaca, NY 14853

CONTACT US

Email:  treasurer@cornell.edu
Wires/Payments: cashmanagement@cornell.edu
Hours: 8:00 a.m. - 5:00 p.m., Monday - Friday

 

  • CUInfo
  • Executive Vice President and CFO
  • University Audit Office
  • Office of University Investments
  • Division of Budget and Planning
  • Risk Management and Insurance
  • Cornell University Policy Office
  • Alliance for Diversity and Inclusion
  • Cornell United Way
  • Campus Alerts
  • COVID-19 Response

©2022 Cornell University

Web Accessibility Assistance