Selecting a New POS Device Vendor
As outlined in the Southern Illinois University System’s University Guidelines, Section 3.9 - PCI DSS Information Security Policy, “Southern Illinois University’s preferred method for acceptance of Payment Cards is through the State of Illinois contract.” The approved card processor with the State of Illinois contract is NCR.
- NCR is the State of Illinois approved contracted Credit/Debit processor
- NCR allows settlement through an approved gateway, such as TSYS, Spreedly, NMI Gateway, or TSTS eComm.
- If the gateway used by the vendor is not listed above, contact Dawn Sparks (Bursar@siue.edu) to review the setup prior to selection.
- The Office of the Bursar will assist with acquiring a merchant ID.
If the point-of-sale hardware and software vendor does not process, or settle, through NCR or an approved gateway, an exception must be approved before an agreement/contract is established. Under this alternative method, the selected vendor is the merchant of record and is responsible for the following:
- The vendor is responsible for acquiring the merchant ID.
- Transactions are settled through the vendor’s processor, and the vendor forwards revenue to the appropriate University bank account.
- Vendor must submit annual documentation of PCI-DSS compliance
- Vendor must submit an annual letter of attestation of breach
Regardless of the method, the department is responsible for, but not limited to, the following:
- Collect proof of vendor’s PCI-DSS compliance (needed for annual P.O. risk assessment)
- Collect vendor’s SOC audit report (needed for annual P.O. risk assessment)
- Collect vendor’s Letter of Attestation of Breach document (needed for annual P.O. risk assessment)
- Reconcile transactions against internal ‘sales’ data
- Proper security for any computer or other equipment used to process card payments. For example, the computer should not be used for any other departmental business or activity on the University network.
- Maintain up-to-date departmental procedures to handle, secure, and reconcile payment card transactions
- Maintain accurate records to ensure Cardholder Data Environment access within the department is limited to only those positions that require the access for their job functions. All access should be terminated immediately upon personnel leaving the department.
- Maintain accurate records of annual training for all department personnel involved in the payment card transaction environment
- Maintain up-to-date P2PE (Point-to-Point Encryption) supported devices. This is a critical component in securing our campus card environment for compliance.