The University supports the acceptance of credit cards as payment for goods and services to improve customer service, bring efficiencies to cash collection processes, and increase sales volume of certain types of transactions. Credit card payment is not allowed for any student tuition and fees.
Processing Payment Cards
Brown University departments must request approval from Financial Services to accept credit card payments by completing a Credit Card Merchant Request Form. If approved, implementation of this process may take 60 days or longer. Fees associated with the acceptance of credit cards will be charged to the department's budget. Under no circumstances should a department contact a credit card servicer directly or begin accepting credit cards without prior approval by Financial Services.
All individuals authorized to accept credit card payments must securely process, store and dispose of credit card data (paper and electronic media) according to Payment Card Industry Data Security Standards (PCI-DSS).
The Commerce Committee is a standing committee comprised of representatives from Finance and Administrative Services, Office of Information Technology, and Internal Audit Services.
The Commerce Committee performs the following functions:
- Establish requirements for commerce approval;
- Review of requests for commerce presence;
- Provide advice to Senior Officers on commerce policy, process, vendors, dissemniation/publication of commerce information, and commerce matters in general; and
- Evaluate and exercise due diligence of vendor relationships, including monitoring service providers' PCI DSS compliance on an annual basis.
Implementing Payment Card Processing
- Review University Policy on Accepting and Handling Credit Cards to Conduct University Business.
- Complete a Credit Card Merchant Request Form. Please allow 10 business days for processing.
- Financial Services will contact you regarding your request. If your request is approved, a new merchant account number will be requested and assigned to your department.
- Training will be provided by Financial Services if using the TouchNet system. Training is required for all individuals in need of access to TouchNet. PCI Compliance training is required for all individuals handling credit card payments.
- Implementation may take up to 90 days.
- Email questions to [email protected].
Departments looking to utilize an online commerce site for the purpose of ticket sales, registrations, and other types of products, that are a single-use or one-time event, may be able to utilize the Financial Services Merchant.
This option is for departments or groups looking to offer online commerce or in-person payment for events/services/products that are not ongoing/recurring. For Departments or areas that will need long term online commerce options, please contact [email protected]
Features of TouchNet Stores for Online Commerce:
- Card payment option that is University approved and compliant; other methods for collection of payment must be approved in advance by the Commerce Committee and meet the University Policy on Accepting and Handling Credit Cards to Conduct University Business
- Collect information in the form of modifiers for registration type events, such as: name, email, selection of sessions, meal type, special accommodations, affiliations, etc.
- Offer different registration types like student/professional or options like size and color for physical products as well as different fee models depending on the type or options selected.
- Ability to apply discounts or special codes.
- Reporting by transaction available that includes all information collected during the purchase.
Departments should contact Financial Services at [email protected] before completing the below form to discuss their needs and make sure this solution will work for their use case.
Complete a Brown TouchNet Commerce Site Request to initiate site setup. Please allow approximately 3 weeks for site development.
Revenue collected will be credited to the Cost Center provided to us when you complete the form. Credit card fees will also be charged to the Cost Center monthly.
Payment Card Security Incident Response Procedures
The PCI Payment Card Security Incident Response Plan supplements the Policy on Accepting and Handling Payment Cards.
An incident is defined as a suspected or confirmed data compromise in which there is a potential to impact the confidentiality or integrity of payment card data. A data compromise is any situation where there has been unauthorized access to a system or network where prohibited, confidential or restricted payment card data is collected, processed, stored or transmitted; payment card data is prohibited data.
In the event of a suspected or confirmed incident:
- Call the Brown University Help Desk at 401-863-4357
- Do not access or alter compromised systems
- Do not turn off the compromised machine - unplug the network cable
- Refer to Payment Card Security Incident Response Plan for further instruction