Merchant Contact Responsibilities

Merchant Contact Responsibilities

The merchant contact is responsible for the following items:

  • Serve as department merchant activities coordinator and as point person for the Treasurer's Office. 
  • Serve as the person who completes the annual self-assessment questionnaire for PCI (Payment Card Industry) compliance through the ​3rd party company, CampusGuard and ensures PCI compliance at all times.   
  • Successful completion of UM My LINC Merchant Certification TME102 Course annually by:
    • you.
    • all applicable staff
      • new and existing staff who are authorized to process credit cards or refunds
      • any staff who do not process credit cards but come into contact with credit card data (i.e., full 16 digits of credit cards).  For example, a person who opens the mail where credit card data is present.
  • Read and follow the SPG policies and Merchant policies (e.g. University of Michigan Merchant Requirements) which govern credit card activities.  Review annually.
  • Prepare (and update when necessary) departmental Internal Controls Written Procedures which also includes: 
    • Segregation of Duties
    • Review of Daily Transaction Activity
    • Controlled Access to Resources
    • Supervision
    • Verification
    • Documentation 
  • Annually complete the Internal Controls Gap Analysis.
  • Train all departmental staff on processing credit card transactions and refunds if applicable.
  • Update the "Authorized Users" in the Merchant Information page of MPathway's Financial & Physical Resources System (FINPROD) whenever authorized user staff changes. An authorized user is anyone who handles cardholder data (i.e. the full '16 digit' credit card number) or issues credit card refunds.  You will receive an ITS email when you have been granted this MPathway’s access.  Updating Authorized Users instructions are listed on the lower portion of this web page.
  • Notify Merchant Services of any relevant personnel changes that impact the account (e.g., refund approver[s], merchant contact, IT Contact when needed, etc.).
  • Always contact merchantservices@umich.edu immediately if you suspect or locate a credit card data loss/breach. 

For merchants who utilize credit card terminals:

  • Maintain a list of your terminal make(s), model(s), serial number(s), and location(s).
    • Each business day, verify your credit card terminal info (above) and keep a record of the verification along with the name of person performing that task.
    • List must be updated when terminal is replaced or relocated. The serial number is located on the underside of the terminal.
    • Terminal data is maintained in MPathways - FINPROD.  Required list can be verified here and printed instead of manually creating a list.  FINPROD descrepancies are reported to merchantservices@umich.edu.
  • Ensure that all staff processing credit cards be trained on "terminal tampering."
  • Inform staff that anyone who requests access to evaluate or repair the terminal must provide identification that verifies their affiliation with U-M Treasurer's Office.  Notify merchant contact and Treasurer's office immediately if someone without proper identification attempts to access your terminal.
  • Taking credit cards via approved phones: https://finance.umich.edu/resource/approved-phones-taking-credit-card-processing