SECTION 1. Policy Statement

1. Applicability
   1. This policy applies to situations where the University accepts credit cards and debit cards as a method of payment for goods or services that the University sells. For purposes of this policy, credit and debit cards are referred to as “payment cards.”
   2. This policy does not apply to the University’s procurement cards (see FI0530) or the University’s travel cards (see FI0531).
   3. This policy does not apply to transactions made using a University-issued identification card.
2. General Policy
   1. Once a department obtains permissions as required by this policy, a department may accept payment cards.
   2. Departments must never store a payment card number, whether in electronic format or on paper.
   3. Departments may outsource some or all of their payment card transaction processing. Departments that utilize this option reduce their risk by transferring some risk to the outsourced provider.
   4. Compliance with Payment Card Industry (PCI) Data Security Standards (DSS) is mandatory for all University departments that have merchant accounts. Every department that accepts payment cards will have a merchant account identification number assigned to them.
   5. Departments are responsible for all costs associated with the department maintaining PCI DSS compliance.
3. Processing Fees
   1. Departments may recoup credit card processing fees by factoring the fees into the final price of the department’s goods or services.
   2. Departments must not charge differential prices based on the customer’s method of payment, except that the University may impose processing fees as a separate cost for tuition payments and for athletic events when the customer pays via credit card.

SECTION 2. Reason for the Policy

This policy provides the requirements and guidelines for all credit card processing activities at the University of Tennessee, including debit card processing and e- commerce activities. The policy addresses protection against the exposure to and possible theft of account and personal cardholder information and the compliance with credit card company requirements for card information that is stored, processed, or transmitted on the University’s information technology resources.

SECTION 3. Scope and Application

This policy applies to the following University departments: (1) departments that want to establish a merchant account and begin accepting payment cards; and (2) departments that have a merchant account and accept payment cards.

SECTION 4. Procedures

Procedures

SECTION 5. Definitions

N/A

SECTION 6. Penalties/Disciplinary Action for Non-Compliance

The University may suspend a department’s ability to process credit and debit cards, if the department fails to comply with this policy or its procedures. The University may take any actions necessary to enforce this policy and its procedures, such as confiscating equipment. Further, credit-card providers (such as VISA), might impose fines on the department. The department will be solely responsible for paying the full amount of any fines.

SECTION 7. Responsible Official & Additional Contacts

Subject Matter	Office Name	Telephone Number	Email/Web Address
Policy Clarification and Interpretation	Justin Holt, Office of the Treasurer	865-974-4100	Holt@tennessee.edu

SECTION 8. Policy History

Revision 5: December 2023

Revision 4: June 2019

SECTION 9. Related Policies/Guidance Documents

FI0310—Receiving and Depositing Money FI0330—Unrelated Business Taxable Income FI0331—Sales and Use Tax FI0405—Procurement

FI0420—Contracts