Skip to main content

Merchant Services and PCI Compliance

Merchant Services and PCI Compliance focus on securing merchant accounts and transaction security.

What is Merchant Services?

Merchant Services provides day to day operational support to departments on campus with active merchant accounts (MasterCard, Visa, and American Express). Other services provided include coordinating with NC Office of the State Controller (OSC) as necessary to establish new merchant accounts and ensure all merchant accounts are in good standing and in compliance with applicable policies, procedures and standards as required by the University, OSC and the Payment Card Industry (PCI).

Merchant Services has the following responsibilities with regards to the acceptance of credit cards (Visa, MasterCard, Discover, and American Express cards) on the NC State University campus:

  • Answering any questions concerning accepting credit cards by various business units, schools or colleges on the NC State University campus.
  • Issuing and maintaining all equipment necessary to accept credit cards on NC State University campus.
  • Reviewing and approving all departmental requests for a merchant account.
  • Monitoring merchants’ compliance with PCI DSS, this also includes providing guidance to merchants coping with PCI issues.
  • Serves as the first point of contact for any credit card inquiry for the university.

What is PCI Compliance?

From the world’s largest corporations to small Internet stores, compliance with the PCI Data Security Standard (PCI DSS) is vital for all merchants who accept credit cards, online or offline, because nothing is more important than keeping your customer’s payment card data secure. The size of your business will determine the specific compliance requirements that must be met. If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard.

Merchant Services Glossary

PCI DSS Quick Reference Guide

Policies, Procedures, & Guidelines

  • Nelnet Sequoia – Campus Enterprise Only
  • Cvent Destiny OneCE – McKimmon Only
  • iModules Ungerboeck – McKimmon Only
  • Eventbrite Micros – Campus Enterprise Only
  • Reporter – HigherOne CASHNet

The list is subject to change based on the vendor’s validation status with PCI-DSS

Please contact Merchant Services for information prior to engaging for service.

Effective Date: May 18, 2018

North Carolina State University (“NC State”) is committed to personal privacy. This privacy statement outlines what personal information NC State may collect about you and how the University may use it. The following explains NC State’s information collection and disclosure practices for the website www.ncsu.edu and the network of websites making up the NC State University online network.

NC State’s websites are not intended for children under the age of 13 unless they are explicitly labeled for children. We do not knowingly solicit data online from, or market online to, children under the age of 13. For more information regarding the collection of children’s personal information, please review the section below labeled Children Program Participation Activities.

The University may amend this privacy statement from time to time without notice; therefore, NC State asks that you review this statement periodically to ensure that you are aware of the most updated statement. When required by law the University will notify you of any changes.

NC State is a non-profit, public, higher education institution. The functions of the University may at times involve the collection and dissemination of scientific, technical, economic, scholarly, and in some cases, personal information.

NC State complies with applicable federal and state laws, as well as UNC System and NC State policies, for the collection, use, and disclosure of personal information.

Website Information Collection

What information do we collect and how does NC State use it?

  • Information you provide us. If you fill out an admissions or employment application, or complete an online form or purchase, then the University may collect personal information that you provide, including but not limited to:
  • Name
  • Residential or Mailing Address
  • Email Address
  • Phone Number
  • Social Security Number
  • Credit or Debit Card Information

By providing this personal information you acknowledge that, where permitted by federal or state law, NC State may use this information for the express purposes for which the information was provided, which may include to:

  • Respond to your request for information
  • Process applications for admission or employment
  • Process information for administrative purposes
  • Process orders for goods or services
  • Notify you of products or services
  • Improve online content and communications
  • Improve University services
  • Process information for purposes as may be detailed on University websites or mobile applications
  • Information Automatically Collected. When you visit NC State websites, the University automatically collects technical information from you using website tracking technology, such as Google Analytics. Information that NC State collects includes:
    • web visit information – pages visited on our websites; date and time of each visit; websites visited before or after visiting our sites; details of visits including terms used in search queries
    • log information – domain name of internet service provider; internet protocol address; network traffic; attempts to access unauthorized sites

NC State collects this information through cookies, to assist, manage and improve online content to deliver the best user experience, provide, customize, and personalize communications and market our activities to you, as well as to protect University networks from unauthorized or harmful activities, such as network system breaches or computer viruses. Generally, upon receipt, the information automatically collected from you is aggregated and not individually identifiable to site visitors; however, if there is a network security breach, log information is retained and reviewed to support an internal University or law enforcement investigation.

Sharing Information with Third Parties

NC State works with many vendors and contractors who assist the University with its day-to-day affairs. Personal information that you provide to NC State or which the University automatically collects is used or shared with these organizations for the express purposes for which the information was collected or as otherwise expressed in this privacy statement. University vendors and contractors are only permitted to use personal information for the express purposes permitted in their agreements with the University. Otherwise, personal information is not released to third parties unless permitted by applicable law, including in instances where the information needs to be disclosed to protect the safety and security of the University community or University property, or where the University is legally compelled by law or judicial order.

Non-university Websites

This privacy statement applies solely to information collected on NC State’s online network. If you click on a link that directs you to a website or resource outside of the NC State online network you are subject to the privacy policies of that site. The University is not responsible for the privacy practices of non-university websites, including independent websites of faculty, staff, or students that are not supported by the University.

Notice to University Faculty and Staff

The University encourages its colleges, departments, and units contributing to the NC State University online network to post, as necessary, more specific approved privacy notices pertaining to the collection and use of any personal information associated with those sites.

International Transfer

If you use or access NC State’s online network outside of the United States, the university may transfer information from that jurisdiction to the United States, where data protection regulations may not offer the same level of protection as in other parts of the world, such as the European Union. If you use or access NC State’s online network in the European Union, NC State will transfer data to the United States to execute contractual obligations, comply with applicable law, and protect the health and safety of the user or others.

Children Program Participation Activities

NC State University offers programs and activities designed for children and youth (e.g. summer camps or 4-H programs). Parents and guardians may register or apply their children for these University programs through NC State’s online network. These registration and application websites are intended to be used only by adults and not by children under the age of 13. NC State does not knowingly collect personal information from children under the age of 13. Any personal information of children provided to NC State on these sites should be shared with the University only by a child’s parent or legal guardian. Information that may be requested from parents and guardians, and voluntarily provided to the University include:

  • Child:
    • Name
    • Birthdate
    • Grade Level
    • Gender
  • Parent or Legal Guardian:
    • Name
    • Residential or Mailing Address
    • Email Address
    • Phone Number

Access, Control, and Correction of Your Information

NC State respects your right to access, correct, request deletion, and request restriction of NC State’s usage of your personal information. You have the right:

  1. To request access to or transfer of your information;
  2. To ask about the methods in which your information is maintained and processed;
  3. To request information about the organizations with whom you information may be disclosed;
  4. To ask NC State to delete or restrict how the university uses your information, but this right is determined by applicable law and may impact your access to and participation in the university activities and services;
  5. If you believe your information is incorrect or incomplete, you can request corrections or updates to any inaccuracies, and for those corrections to be made if it is deemed inaccurate by NC State;
  6. To object to the collection, processing, retention or use of your information; and
  7. To lodge a complaint with the appropriate authorities, including United States and European Union Governmental Bodies.

You may exercise these rights by contacting NC State’s online network support at data-privacy@ncsu.edu. If you choose to exercise these rights, NC State may be unable to effectively offer you certain educational services, which may prevent you from being accepted or participating in the university’s educational activities. In addition, NC State may not be able to comply with your request in order to meet its obligations and requirements under applicable laws.

Protection of Personal Information

NC State uses its best efforts to protect the personal information that you provide to us or that it automatically collects. The University works diligently to safeguard your personal information to prevent unauthorized information access or disclosure, maintain information accuracy, and ensure the appropriate use of collected information. To assist with these efforts the University has created and implemented appropriate technical and administrative procedures to safeguard personal information consistent with applicable privacy and data security laws.

Nevertheless, NC State cannot guarantee these safeguards will protect any personal information that you provide. Although the University will use its best efforts to protect this information from unlawful access or disclosure, providing personal information to the University is at your own risk.

Public Record Disclosure Requirements

As a public institution, and instrumentality of the State of North Carolina, NC State is subject to the NC Public Records laws. This means that records in all forms, including email provided to the University, are subject to public disclosure, unless the record is designated by law as confidential or not a public record. Some examples of confidential records include education records of students; personnel records of employees; medical records; law enforcement records; research data, records, or information of a proprietary nature; and information received by the University deemed as trade secrets and marked “confidential.”

For more information regarding public records, please visit the NC State Office of General Counsel’s information on public records.

Retention of Personal Information

Records created by and submitted to NC State are maintained and destroyed according to requirements under the state laws of North Carolina, as well as federal laws and institutional policies. For more information regarding University record retention practices, please visit the NC State Office of General Counsel’s information on record retention.