Payment Processing Policy

Every department that accepts payments on PSU’s behalf must have a written procedure document in the office that incorporates the following policy guidelines:

Do:

  • Once a payment is processed, immediately shred the portion of  any form that contains credit card or routing/bank account numbers.  If a credit card was used, keep the cardholder’s signature.  There is no legitimate business need to retain cc or bank account  information. 
  • To refund a credit card, all you need is the authorization code.
  • You must use a crosscut or micro-cut shredder.   (Note:  It is okay to use a Shred It bin as long as it is secured to the wall or floor and is in a secure location.  It is best, however, to shred it immediately if possible.)
  • If a payment cannot be processed immediately upon receipt, it must be promptly locked away in a secure location.   (Note:  Not all locked cabinets are secure – it depends on the type of lock that is installed on it.)
  • A background check is required for anyone that will process and/or come in contact with checking or credit card information, unless all payments are point-of-sale transactions.
  • If using a point-of-sale credit card terminal, it must not print all the digits of the card number and it must be locked up at the close of business each day, unless it has tamper-proof controls on it.
  • If accepting payment information via fax, the machine should not print if you are not open for business. (If you are using a multifunctional device as your fax, contact ITS services to determine if security measures can be installed on it.)
  • If you have storage files (physical or virtual) that might contain sensitive payment information, you need to review the files and remove this data immediately.
  • Bolt all safes to the floor or wall.
  • If you are contracting with a third party company to accept credit card payments on PSU’s behalf, the company must be Payment Card Industry Data Security Standards (PCI DSS) compliant and provide appropriate documentation of it.
  • If payments are being accepted remotely (over the phone or through a payment gateway), be sure to request the 3 or 4 digit security code.
  • Effective June 2013 – If processing payments via an online payment processor, work with Information Technology Services to ensure you are accessing the processor through a dedicated machine (virtual or physical).
  • Effective June 2013 – Staff members who do not process payments, whether they are internal department employees or general services employees must not have access to locations containing payment information unless they are accompanied by a payment processing employee.

 

Do not:

  • Do not copy cash (in full or in part).
  • Do not write down credit card security codes (the 3 or 4 digit security code on the back of a credit card).
  • Do not copy checks.
  • Do not accept credit card or checking information via email or through social networks, such as Twitter and Facebook.(Note: If an unsolicited email with credit card or checking information is received, delete the payment information immediately, let the sender know that PSU does not accept payments this way and provide him/her with an appropriate means by which to make his/her payment.)
  • Do not simply cross out or cover up payment data (i.e. with a marker or white-out etc…).   It does not provide sufficient security; it must be cut out and shred immediately after processing.

Featured in Plymouth Magazine

Example Image

Faculty Forum: Brian Eisenhauer on Shrinking Our Environmental Impact

In his roles as professor, scholar, researcher, mentor, and campus leader, Brian Eisenhauer is at the center of Plymouth State’s sustainability and climate neutrality efforts. Under his leadership, Plymouth State has been consistently recognized as a leader in environmental sustainability and is regularly included in The Princeton Review’s Guide to Green Colleges, a compilation of [...]

Example Image

Remembering Gene Savage ’58

On May 14, 2012, New Hampshire lost a gifted educator, respected leader, and devoted friend. From his earliest days in education as a high school teacher, coach, and director of guidance, through his post as director of admissions at the University of New Hampshire, and later through his various administrative positions within the University System [...]

Example Image

PSU Collaboration Leads to Emmy

When Trish Lindberg was a 17-year-old musician, artist, and actor, her mother—a teacher herself—told her she would make a great teacher. Lindberg looked her mother right in the eye and said, “I will never be a teacher!” Mother Knows Best Decades later, Lindberg, now a Carnegie Foundation NH Professor of the Year, a recipient of [...]