Resources

PCI stands for Payment Card Industry. PCI Data Security Standards are national standards issued by the Payment Card Security Standards Council and apply to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers. PCI also applies to all other entities that store, process or transmit cardholder data or may have an impact on the security of the cardholder data environment.

The University of Virginia recognizes that individual credit card information is confidential. Failure to maintain strict controls over this information could result in unauthorized use of a credit card numbers and create serious problems for the consumer, the unit, and the University. Credit card information is treated as carefully as other confidential information.

These services may include a registration form, manipulating the data into the reports, managing a conference, etc. If the vendor does not also collect credit card payment information or refer your customer to a third-party for payment card processing, then using these vendors do not bring your process under PCI compliance rules.

The card brands and credit card processors can assess significant fines (currently starting at $25,000 for each card type) for failure to comply with the standards and can revoke the University’s ability to accept payment cards if we are breached.

With PCI 3.0 (effective December, 2013) the University became responsible for annually verifying the payment card data flow and PCI compliance for all third- party contracted vendors and their external service providers (either AOC (Attestation of Compliance or ROC (Report of Compliance) for each vendor who touches payment card data). As the units renew agreements with vendors, and as we are made aware of their relationship with the University, we are then bound to verify compliance.

EPay is primarily a payment card process, not a registration process where payment may or may not be collected so payment of some type must be collected for each registrant. eStore will allow for a combination of $0.00 registrations and paid. (see question 10 below) There are options available for registration only events. Contact the Payment Card Services for more information. See other options, ITS Eventbrite

1. There are short-term, one-time only web processing options available. Please contact the PCPC.
2. You can apply for web processing through the Payment Card Services using E- Pay at UVA through Commerce Manager. A departmental website may be required. Depending on your needs, we may be able to manage your registration page and collect payment information for no additional fee.

See the summary below for a quick overview.

Any department or unit that accepts payment cards on an ongoing basis though the University vendors is issued a Merchant ID number (MID) by MC/Visa/Discover and American Express. These merchant account numbers identify you to the credit card companies and establish a contractual obligation to comply with all credit card rules and regulations Payment Card Services: FAQs, Procedures, & Forms Page | 7

Payment Card Processing – Swipe and Web specifics.

The process typically takes 2-3 weeks to obtain a merchant account once an application has been submitted. This does not include the time that the requestor may need for development of webpages, or if applications involve the use of non- standard University credit card payment methods (third-party vendors, for example).

• This procedure covers the steps a unit will follow in order to add a new EPAY process where the revenue will flow to the same PTAO or to the same clearing project as the existing account does and the description in Elavon will be the same for the new process.
  • Example: The Elavon Description is UVA Physics Events
    The orders in EPAY are:
    • UVA Physics Events – Jamison Clinic
    • UVA Physics Events – Annual Meeting of PI’s
• This procedure does not cover the steps a unit will follow if:

Contact the Payment Card Services to discuss the programs available and other considerations such as costs, accounting and security requirements. This information will assist the department’s understanding all of the ramifications of accepting credit cards directly, through EventBrite or another third-party provider.

We will then meet with the Program Coordinator, the department web developer if appropriate and your Fiscal staff to determine your needs.

The next step is to review the application procedure, complete an application, and submit it to Payment Card Services.

Mission Statement

The Faculty Senate, with the concurrence of the President, approved revisions to the University’s mission statement on May 15, 2013, to replace the statement that had been in effect since May 31, 1985. The Board of Visitors, after making additional modifications, approved the mission statement on November 15, 2013. The State Council of Higher Education for Virginia (SCHEV) approved the mission statement on January 14, 2014, to be effective 30 days following adjournment of the 2014 General Assembly.

1. Any agreement or contract to process or receive revenue from payment card activity by members of the University, University-related community or Medical Center requires prior approval. See policies at FIN-037: Governance and Compliance Requirements for Payment Card Activities for the University and Medical Center Policy 0335: Use of Payment Cards at the Medical Center.
2. Any unit anticipating NEW revenue from any source, directly or indirectly, must have prior approval for new Revenue Generating Activity.

This Quick Reference Guide (QRG) is designed to walk Fiscal Admin roles (e.g., Cost Center Manager, Preparer & Approver for Account Certification, P2P Roles - Requisitioner & Approver and Payroll Costing Manager & Specialist) through navigating the Fiscal Admin Dashboard. The Fiscal Admin Dashboard provides a one-stop shop for users in Fiscal Administrator or Operational Support Roles to access common tasks, reports, and other resources needed to perform their daily work.

This Quick Reference Guide (QRG) is designed to walk an Internal Service Delivery Data Entry Specialist through the process of editing an existing catalog item in Workday. By the end of this QRG, you will be able to successfully edit existing Internal Service Provider (ISP) Catalog Items in your catalog in Workday.

This Quick Reference Guide (QRG) is designed to walk an Internal Service Delivery Data Entry Specialist through the process of creating a new catalog item in Workday. By the end of this QRG, you will be able to successfully add Internal Service Provider (ISP) Catalog Items to your catalog in Workday.

This Quick Reference Guide (QRG) is designed to walk an Internal Service Delivery Data Entry Specialist through the process of changing an approved Internal Service Delivery (ISD) in Workday. This procedure will show you how to make changes to an ISD. If you need to completely remove the ISD, see the Cancel ISD Quick Reference Guide used to request cancellation of an ISD by the ISP Administrator.