Merchant News: 3rd Quarter FY23

ClientLine Upgrade

Effective January 31, 2023, when you log into Business Track for ClientLine reporting, you will now only be able to view ClientLine Enterprise (CLX), a replacement to the existing ClientLine reporting portal. You will no longer be able to access the legacy ClientLine system. The login for the new system remains the same at Merchant Login, as will your username and password. An email was sent out January 18th with instructions to generate a Monthly Merchant Statement. ClientLine instructions are available under Related Resources.

If you continue to have questions, reach out to your Cash Management Accountant.

New PCI Data Security Standard

The PCI Data Security Standard is the global standard that provides a baseline of technical and operational requirements designated to protect credit card data. The next evolution of that standard, PCI DSS v4.0, was released in June 2022, but the current standard will remain in effect for two years. Therefore, Harvard merchants will be required to comply with the new standard for the PCI Compliance Certification by June 2024. There will be no changes for this year’s certification.

If you are an ecommerce merchant (SAQ A), there are significant changes with the new standard that may affect how you accept credit cards. The bulleted lists below summarize some of the changes. Please note that for SAQ B and P2PE, changes are minor and related to policy and procedures. We are sharing this information now so that you and your technical team can begin planning and budgeting these changes.

SAQ A Highlights

Manage the integrity of all payment page scripts loaded and executed in the consumer’s browser
Minimum pw length increases to 12 characters
Change and tamper detection mechanism payment pages
Quarterly ASV Scanning

SAQ P2PE Highlights

Protection of Stores Account Data Policies and Procedures Restricting Physical Access to Cardholder data policies and procedures

SAQ B Highlights

Protection of Stores Account Data Policies and Procedures
Restricting Physical Access to Cardholder data policies and procedures

Next Steps:

Ecommerce Merchants: Within the next several weeks, we will be reaching out to all ecommerce merchants to collect information (including network or data flows diagrams) as part of our preliminary gap assessment.

In Person or Mail Order/Telephone Order Merchants: Impact from v4.0 will be limited to ensuring adherence to policies and procedures.

Analog Phone Lines for Credit Card Activity

HUIT has notified the Office of Treasury Management that the use of analog phone lines for credit card terminal connectivity will be discontinued effective June 2024. If your department is currently using an FD130 or FD150 to process credit card transactions, please contact Stephanie Motta at your earliest opportunity to investigate a replacement solution.

Replacement solutions include two options:

Stand-alone devices that connect to a cellular network
Installing TouchNet’s Point-of-Sale system (see more information below)

Both solutions will provide the same level of PCI Compliance scope and merchants will qualify to answer the SAQ P2PE.

There will be an open forum for merchants to ask questions of HUIT representatives on Wednesday, February 8, 2023, at 11:00 am – 12:00 pm. Join the open forum for merchants.

TouchNet Marketplace POS (Point-of-Sale) System