Payment Card Processing Newsletter
October, 2021 issue
University of Nebraska—Lincoln
PCI Compliance Team
The PCI Compliance Team is a collaboration between Information Technology Services (ITS) and the Office of the Bursar. It is a cross-functional team responsible for administering the University of Nebraska-Lincoln payment card policies and procedures, monitoring payment card activity, and educating merchants.
Contact Information
Information Technology Services (ITS)
Office of the Bursar
Download the printable PDF version of this newsletter here.
What to do when an Issue Occurs while Processing a Transaction
You may experience situations when your stand-alone terminal has issues while processing a transaction. When this occurs, you need to be able to determine if a transaction successfully processed or not. There are two options for a terminal operator to verify if a transaction completed. This can be helpful in ensuring all payments are received and avoid duplications if there’s an interruption during the transaction.
Option #1 - Reprint the last receipt (recommended ):
- Select OTHER
- Select REPRINT
- Select LAST RECEIPT or SEARCH
- If Search is chosen:
- Select ALL, REFERENCE #, CLERK #, INVOICE/PO #, ACCOUNT #, CUSTOMER #, RRN, or APPROVAL CODE
- Locate the transaction (by swiping the card or entering the selected search criterion) and press SELECT
- Select MERCHANT COPY, CUSTOMER COPY, or BOTH
- The selected receipt(s) will print
If the transaction completed, the reprint receipt will generate the receipt that didn’t print. If it prints the transaction prior, it means the terminal reset before the transaction was complete.
Option #2 - View the batch history to see if the most recent transaction is showing in the batch:
- Select OTHER, then select REPORTS MENU
- Select DETAIL or DISPLAY, then select PRINT or DISPLAY
- If prompted, select sort method: REFERENCE #, INVOICE #, or CARD TYPE
- The selected information will display
- Press CANCEL to return to the Reports Menu
Results!! Elavon Continues as Card Processer
The State of Nebraska issued a Request for Proposal (RFP) for credit card processing earlier this year. UNL Bursar’s Office staff assisted in the bid evaluations. We are happy to announce US Bank/Elavon was selected again for the Merchant Services contract.
Carding Attacks Continue to Be Seen - Actions to Prevent It
A carding attack is an automated attack where multiple stolen cards are tested to determine their validity. A malicious actor will attempt to place an order on your website using a large number of credit cards and associated information such as addresses, expiration dates, and security codes. These attacks continue to occur and can be quite costly to the merchant. We have seen them occur against multiple sites at the University in varying scales.
Typically the intent of the malicious actor is not to place fraudulent orders. Instead, they are using your website to simply confirm the validity of the card data they have. These testing transactions can cost us 5-10 cents per transaction, which adds up quickly if not identified or resolved. The following actions help prevent your site from being vulnerable:
- Check with your developers and web service providers to be sure automated or rapid payment submission is not possible.
- Add captcha or something similar to make sure the payment process cannot be automated, or at least slow it down.
- Implement authorization filters with payment service providers to limit hourly and daily transactions.
- Check transaction activity often, probably daily, for excessive authorizations.
- Make sure alerts from payment processors or service providers go to an active/monitored email address.
- Make sure merchant contact information with payment processors or service providers is up to date.
For assistance in reviewing your sites, please contact ITS Security at security@nebraska.edu
Please notify the PCI Compliance Team if you think an attack has taken place.