Merchant Services

UNIVERSITY PCI COMPLIANCE MEMO

The Florida State University Merchant Services group, within the Compliance department of the Controller’s Office, provides day-to-day operational support to all University departments with active merchant accounts accepting Visa, MasterCard, American Express and Discover cards as a form of payment. 

Other services provided include coordinating new and existing merchant environments, any necessary training as it pertains to operational activity and compliance requirements, as well as ensuring all University merchants, and Direct Support Organizations (DSO), are adhering to all applicable policies, procedures, and data security standards as prescribed by the University and the Payment Card Industry Security Standards Council (PCI SSC).

Merchant Services has the following responsibilities regarding the acceptance of credit cards on Florida State University's campus:

  • Serve as the first point of contact for any credit card processing inquiry
  • Issue and maintain all equipment necessary to accept credit cards as a form of payment
  • Review all departmental requests for any new payment card activity and assist in the process of approval from the University Payment Card Oversight Committee
  • Monitor and administer, in conjunction with the University’s Information Security and Privacy Office (ISPO), all merchant and DSO compliance with the PCI DSS and provide guidance in regards to the University’s PCI DSS attestation and compliance initiative

Interested Departments must first confirm their University cash collection point status and, if necessary to be approved as such, complete a University Cash Collection Point Application. Upon confirmation of being a cash collection point, the department must then complete and submit the University Application for Payment Card Merchants and Payment Card Cost Worksheet.

Upon approval of a Department's application, by the University Payment Card Oversight Committee, all employees and representatives designated by the department as having merchant services responsibilities must become familiar with, and adhere to daily, all Department and University payment card policies and procedures to maintain compliance with the Payment Card Industry Data Security Standards (PCI-DSS). 

As a first step, prior to any payment cards being accepted, it is a requirement that each representative complete the University’s Security Awareness Training in Canvas. Access to this training must be provided and the University Payment Card Coordinator will assist you with this. Furthermore, it is recommended to become familiar with the Payment Card Industry Security Standards Council's website, as well as browse the PCI DSS Quick Reference Guide. You can find the full PCI-DSS Requirements and Security Assessment Procedures version 3.2.1 here, as published by the Security Standards Council.

Also, please review the additional information and resources directly below. Each policy and procedure is vital to ensure the integrity and compliance of Florida State University as it pertains to the protection and security of the financial and data security infrastructure, as well as securing the confidentiality of University customer’s personal and financial information.

For existing merchants, if there are any changes to your staff that has payment card responsibilities, please complete the Merchant Employee Change Form to notify the Controller’s Office of any changes in personnel, additions and/or deletions, so Merchant Services can update their records. Also, to confirm that the necessary steps have been taken for any new hires and so access can be granted to the PCI Training course in Canvas, which includes the required Security Awareness Training.

For any assistance, please contact the University Payment Card Coordinator, Curt Caito, at 850-644-9475 (ccaito@fsu.edu).