The University supports the acceptance of credit cards as payment for goods and services to improve customer service, bring efficiencies to cash collection processes, and increase sales volume of certain types of transactions. Credit card payment is not allowed for any student tuition and fees.
Processing Payment Cards
Brown University departments must request approval from Financial Services to accept credit card payments by completing a Credit Card Merchant Request Form. If approved, implementation of this process may take up to 60 days. Fees associated with the acceptance of credit cards will be charged to the department's budget. Under no circumstances should a department contact a credit card servicer directly or begin accepting credit cards without prior approval by Financial Services.
All individuals authorized to accept credit card payments must securely process, store and dispose of credit card data (paper and electronic media) according to Payment Card Industry Data Security Standards (PCI-DSS).
Implementing Payment Card Processing
- Review University Policy on Accepting and Handling Credit Cards to Conduct University Business.
- Complete a Credit Card Merchant Request Form. Please allow 10 business days for processing.
- Financial Services will contact you regarding your request. If your request is approved, a new merchant account number will be requested and assigned to your department.
- If you are requesting an e-commerce site, complete an E-Commerce Discovery Questionnaire.
- Training will be provided by Financial Services. Training is required for all individuals in need of access to TouchNet. PCI Compliance training is required for all individuals handling credit card payments.
- Implementation may take up to 90 days.
- Email questions to email@example.com.
Payment Card Security Incident Response Procedures
The PCI Payment Card Security Incident Response Plan supplements the Policy on Accepting and Handling Payment Cards.
An incident is defined as a suspected or confirmed data compromise in which there is a potential to impact the confidentiality or integrity of payment card data. A data compromise is any situation where there has been unauthorized access to a system or network where prohibited, confidential or restricted payment card data is collected, processed, stored or transmitted; payment card data is prohibited data.
In the event of a suspected or confirmed incident:
- Call the Brown University Help Desk at 401-863-4357
- Do not access or alter compromised systems
- Do not turn off the compromised machine - unplug the network cable
- Refer to Payment Card Security Incident Response Plan for further instruction