What is Payment Card Services?

The University recognizes that the ability to accept credit card payments is necessary for modern e-commerce. Credit card payments provide a convenience to customers, help to stimulate sales, and contribute to increased operational efficiency.  Payment Card Services supports University departments and units that accept credit card payments by facilitating e-commerce payments, ensuring compliance with applicable laws and industry standards, and providing the training necessary to responsibly conduct payment card transactions.  Safeguarding of customer confidential information is of central importance in ensuring institutional compliance and protecting the security of University customers.

Responsibilities of UVA Payment Card Services

Payment Card Services assists departments and units by:

• Providing convenient ways to accept credit and debit card payments;

• Monitoring compliance with Payment Card Industry Data Security Standards (PCI-DSS);

• Training departments and units on PCI compliance requirements.

Payment Card Services helps departments and units with secure methods for accepting payment cards for:

• Conferences and workshops;

• Special events and fundraisers; and

• Sales of goods and services.

Payment Card Services offers numerous ways that departments and units can accept payment cards, including through:

• E-commerce websites;

• Desktop payments;

• Mobile payment devices; and

• Third-party payment servicers.

PCI-DSS Compliance

The Payment Card Industry Data Security Standards (PCI-DSS) apply broadly to all payment card transactions. Payment Card Services is responsible for monitoring the University's compliance with the PCI-DSS standards.

The PCI-DSS standards apply to:

• All payment transactions involving payment cards, regardless of method.

  • This includes situations where a department or unit directs customers to a third-party processor.

• All devices used to process payment card transactions, including swipe machines, point-of-service systems, PIN pads, and mobile/wireless devices connected to a network (Smartphone, tablets and PC’s).

• All vendor processes and products involved in payment card transactions, including payment application software, third-party providers, processors, website security and payment page accessibility.

  • Note:  The University is contractually obligated to assure compliance with the PCI-DSS standards if it directs a customer to a University-contracted vendor that accepts payment card transactions, even if the University does not directly benefit from the revenue.

PCI Compliance Training Opportunities:

 

• Front-Line Training

• Eventbrite User Agreement

Related Policies and Resources

Medical Center Policy 0335: Use of Payment Cards at the Medical Center

For additional information related to Payment Card Services, email uva_payment_card_svc@virginia.edu (uva_payment_card_svc).