Credit Card Processing

Departments of the University of Georgia, if approved, may accept credit/debit card for payment of services rendered and goods sold. Each unit's needs will determine what cards (American Express, Discover, MasterCard, and Visa) are accepted for payment.

Any authorized University unit wishing to accept credit/debit cards as a form of payment should contact Bursar and Treasury Services. You will be required to complete a Merchant Application for approval. If you are considering using a 3rd party vendor or 3rd party software application, you must complete the 3rd Party Vendor Application as well. Approval should be granted prior to signing any agreements or purchasing such software.

Once a unit is authorized to accept credit/debit cards, the unit will follow routine procedures to submit a Web Departmental Deposit form to the Bursar and Treasury Services so that the sales revenue can be recorded in the University Accounting System. The accepting unit must also transmit their sales electronically to the bank's processing center on a daily basis. Web Departmental Deposits should be submitted daily, with the exception of weekends and UGA observed holidays.

As a result of credit card breaches, the credit card industry has formed a council called the Payment Card Industry Council. This PCI Council has developed Data Security Standards (DSS) to assure customers that their brands, and using credit cards, are reliable and secure. These standards include controls for handling and restricting credit card information, computer and Internet security, and reporting of a breach of credit card information. These standards are mandated by the industry in order for a merchant to accept credit card payments.

To comply with the Data Security Standards, University of Georgia has contracted with a third party company, CampusGuard. All approved merchants must register with CampusGuard when issued an account. Using the third party assessor site, each department will complete a PCI Self-Assessment Questionnaire (SAQ) on an annual basis and will be required to review and close a quarterly network vulnerability scan. Quarterly scans need to be satisfied and closed before the next scan is completed.

Should you find yourself not in compliance with the approved credit/debit card policy and procedure, you will need to complete a Request for Exception. All merchants are expected to be in compliance with the approved credit/debit card policy and procedures.