Policy Administrator: Vice President for Administration
Authority: Payment Card Industry Data Security Standard; Title 5, 42396.2 (Principles of Personal Information Management)
Effective Date: July 1, 2008
Cross References: Bank Accounts and Cash Management; Conditions of Maintenance of Good Standing by Auxiliary Organizations at Sacramento State; Delegated Financial Authority and Responsibilities; Non-State Funds, Accepting and Administering
Policy Number: ADM-0117
CREDIT CARD ACCEPTANCE
On November 1999, the Gramm-Leach-Bliley Act was signed into law. This legislation established the requirement for protecting a customer’s non-public information obtained during the course of business, including credit card information. As a result, the Payment Card Industry (PCI) Data Security Standard was developed by the major credit card companies. Businesses accepting credit cards must comply with this standard or risk losing the right to process credit card payments and be audited and/or fined. As California State University, Sacramento and its auxiliaries do accept credit cards for payment, the university and its auxiliaries must comply with the PCI Data Security Standard.
Any department at Sacramento State wanting to accept credit cards for payment of goods or services must obtain approval prior to doing so and must agree to meet the requirements of the PCI Data Security Standard. This policy governs the process by which university departments request approval to accept credit card payments deposited with the University.
The University Chief Financial Officer and his/her designee, the University Bursar, are responsible for the process and enforcement of this policy.
University auxiliaries accepting credit cards for payments are responsible for complying with the PCI Data Security Standard.
This policy applies to any University department or auxiliary wanting to accept credit cards for goods or services provided. University departments may request authorization to accept credit cards via the Procedures hyperlink below. Auxiliary organizations of the University may establish their own procedures, so long as they remain in compliance with the PCI Data Security Standard.
If payments are to be deposited with an auxiliary, contact that auxiliary for authorization to accept credit card payments.
Approved by Alexander Gonzalez, President
October 2, 2008