Merchant News: 1st Quarter 2018


TouchNet uStores is finally here!

In response to ongoing demand for a PCI-compliant ecommerce solution for schools and units, the Office of Treasury Management is very happy to announce the implementation of TouchNet uStores. With uStores, a department can develop a website, connect to a payment gateway, automatically post revenue to its GL account and minimize its PCI compliance obligations.

Currently, if your department wants to accept payments for smaller-volume events, periodicals, digital images or admission fees, you would either accept checks to be processed by Cash Receipts or accept credit cards using Certain Software.

Now, your department can open a uStore and accept echecks and credit cards! Contact otm_ecommerce@harvard.edu to request more information.

Preparing for PCI Compliance Certification 2018

Although we are in the midst of a very cold winter, spring will soon (we hope!) be here and with it PCI Compliance recertification! This is just a reminder not to leave your merchant account attestation tasks to the last minute. Your fully executed self-assessment questionnaire is to be delivered to OTM by June 30, 2018.

In addition to the annual online training for all staff that work with credit cards, Treasury and HUIT IT Security will host the annual PCI Compliance Training on campus. Dates and times will be forthcoming over the next several weeks. It is recommended that all business and technical contacts for the merchant accounts attend.

If you are using a point-of-sale system for processing card-present transactions, the annual attestation includes a penetration test of the network that is connected to the cardholder environment, to ensure that this network is sufficiently protected from other Harvard networks. Penetration tests are performed internally and externally and cost approximately $7,500 - $10,000. These costs are the responsibility of the merchant as a cost of doing business. One way to eliminate these annual costs is to implement a point-to-point encryption hardware solution, in which external credit card terminals process the transaction, encrypt the card data at the time of swipe/dip and then transmit the data from the terminal directly to the payment gateway, bypassing the Harvard network.

Choosing a Vendor

It is strongly recommended to choose a vendor that is already being used at Harvard. If your business need requires a new vendor (who is redirecting to a payment gateway or who will collect, transmit or process credit cards), be aware that the vendor will need to be approved by Cash Management, Strategic Procurement and HUIT IT Security.

At a minimum, all vendors involved in credit card acceptance have to be listed on Visa’s Registry of Service Providers.

Strategic Procurement should be contacted to ensure that the vendor contract language meets Harvard requirements, including the PCI Rider.

If necessary, HUIT IT Security will perform a Security Review and Vendor Risk Assessment depending on the classification of data being collected.

Addition to eCommerce

The Office of Treasury Management is very happy to announce the addition of Martha McEwan to the staff of eCommerce. Martha has been at Harvard for five years in OTM and will now be dedicated full time to supporting eCommerce initiatives, particularly TouchNet uStores. Martha can be reached at martha_mcewan@harvard.edu or 617-495-5630.