Payment Card Services Policy
Policy 503.8
Introduction
1. Appalachian State University requires that campus units be formally authorized to accept payment cards based on their compliance with this policy and related standards.
Scope
2. This policy is binding and applies to all Appalachian State University employees and service providers who transmit or process payment card transactions.
Definitions
Payment Card
- A card that can be used to make a payment for a purchase or in payment of some other obligation.
Customer
- An individual or other entity that makes a payment to the University for goods or services.
ITS
- Means the University’s Information Technology Services.
Merchant
- A campus unit that accepts payment cards as a method of payment.
NCOSC
- Means North Carolina Office of State Controller.
Payment Card Services
- Services that enable a Merchant to accept a transaction payment by use of a customer's payment card.
Payment Card Industry Data Security Standard (PCI DSS)
- A proprietary information security standard developed by the PCI Security Standards Council for organizations that handle cardholder information for the major debit, credit, prepaid, epurse, ATM, and POS cards.
Merchant ID (MID)
- An account established for a campus unit to credit sales amounts and debit processing fees.
Service Providers
- Companies that provide services to campus merchants or other services providers that control or could impact the security of cardholder data.
Primary Account Number
- Payment card number (credit or debit) that identifies the issuer and the particular cardholder account.
Cardholder Data
- Full magnetic stripe from a payment card or the Primary Account Number(PAN)plus any of the following:
- Cardholder name
- Expiration date
- Service Code or other Authentication Data
University
- Appalachian State University