Payment Card Processing Newsletter
FEBRUARY, 2025 ISSUE
University of Nebraska—Lincoln
PCI Compliance Team
The PCI Compliance Team is a collaboration between Information Technology Services (ITS) and the Office of the Bursar. It is a cross-functional team responsible for administering the University of Nebraska-Lincoln payment card policies and procedures, monitoring payment card activity, and educating merchants.
Contact Information
Information Technology Services (ITS)
Chris Cashmere phone: 402 472-1423
Office of the Bursar
Jennifer Hellwege phone: 402-472-9003
Lisa Hilzer phone: 402-472-9004
Download the printable PDF version of this newsletter here.
Reminder: PCI Attestation of Scan Compliance - Due Quarterly
E-commerce (SAQ-A) merchants accepting card payments are required to submit a PCI Attestation of Scan Compliance in the PCI Compliance Manager portal each quarter as evidence their e-commerce site is meeting the PCI external scan requirements.
You may have received an email from PCI Compliance Manager, similar to the one below, notifying you that it’s time to upload a new scan attestation.
Action Steps Due Quarterly:
Step 1 - Obtain the scan attestation
- If your e-commerce site is completely outsourced, the scan attestation needs to be obtained directly from your provider.
- If your e-commerce site is locally hosted by the university or managed in the department, the scan attestation can be provided to you by ITS. How to request a scan attestation:
1. Submit an ITS Ticket Request
2. Click Request Attestation from the right side options
3. Complete and submit a separate form for each Merchant ID (MID)/e-commerce site
Step 2 - Upload the scan attestation to PCI Compliance Manager portal
- Login to your merchant account and click Manage Account
- Find the Be Scan Compliant section and click Manage
- Click Upload Results
Questions about the scan attestation? Email ITS-Security-Compliance at its-sec-compliance@nebraska.edu
Questions about receiving the email notification from PCI Compliance Manager? Email bursar@unl.edu
Consideration: Cost of Accepting Payment via Card vs. Check
When a customer wants to pay their bill via card, you may want to consider the cost of card processing that will be charged to your merchant account. The university’s card processing costs typically cost around 2-3% of your card sales. If you decide to accept payment via card for a large sales item, you will incur a substantial processing fee.
For example: $3,000 bill paid via card x 2% processing fee = $60 cost to department
Even though card payments can be quicker, this cost should be considered when deciding what payment methods to accept for your sales activity.
Policy Reminder - Charging a Fee for Card Payments: Merchants are not allowed to charge a “convenience fee” or “service fee” to customers for card payment. The cost of card processing must be incorporated into your overall pricing of goods/services. Your pricing must be consistent for all customers, regardless of payment type. This UNL fee policy was adapted from information provided by Elavon. There are circumstances where your merchant account can be configured with Elavon to incorporate a fee; however, these are limited in nature, more complex, and must be part of your configuration. They cannot be added on by the department accepting payment.
Ingenico Terminal Best Practice: Password Protect Return Transactions
Elavon has the ability to enable a password feature on your Ingenico terminal for processing return transactions. When enabled, anytime an operator attempts a refund, they must enter the password in order to complete the transaction. This is helpful to departments for managing authorization of return transactions and in eliminating accidental returns due to the wrong button being pushed on the terminal.
Please send an email to bursar@unl.edu if you’re interested in enabling the password feature on your terminal