Merchant Contact Responsibilities
The merchant contact is responsible for the following items:
- Serve as department merchant activities coordinator and as point person for the Treasurer's Office.
- Serve as the person who completes the annual self-assessment questionnaire for PCI (Payment Card Industry) compliance through the3rd party company, Trustwave and ensures PCI compliance at all times.
- Successful completion of UM My LINC Merchant Certification TME102 Course annually by
- all applicable staff
- new and existing staff who are authorized to process credit cards or refunds
- any staff who do not process credit cards but come into contact with credit card data (i.e., full 16 digits of credit cards). For example, a person who opens the mail where credit card data is present.
- Read and follow the SPG policies and Merchant policies (e.g. Merchant Services Policy Document) which govern credit card activities. Review annually.
- Prepare (and update when necessary) departmental Internal Controls Written Procedures which also includes:
- Segregation of Duties
- Review of Daily Transaction Activity
- Controlled Access to Resources
- Annually complete the Internal Controls Gap Analysis.
- Train all departmental staff on processing credit card transactions and refunds if applicable.
- Update the "Authorized Users" in the Merchant Information page of MPathway's Financial & Physical Resources System (FINPROD) whenever authorized user staff changes. An authorized user is anyone who handles cardholder data (i.e. the full '16 digit' credit card number) or issues credit card refunds. You will receive an ITS email when you have been granted this MPathway’s access. Updating Authorized Users instructions are listed on the lower portion of this web page.
- Update the merchant contact and Merchant Policy document signers with personnel changes.
- Always contact firstname.lastname@example.org if you suspect or locate a credit card data loss/breach.
For merchants who utilize credit card terminals
- Maintain a list of your terminal make(s), model(s), serial number(s), and location(s).
- List must be updated when terminal is replaced or relocated. The serial number is located on the underside of the terminal.
- Terminal data is maintained in MPathways - FINPROD. Required list can be verified here and printed instead of manually creating a list. FINPROD descrepancies are reported to email@example.com.
- Ensure that all staff processing credit cards be trained on "terminal tampering."
- Inform staff that only Treasury Office staff can repair or replace terminals.