Internet Merchant Accounts (IMAs)
- Approval Processes. To be set up with an Internet Merchant Account for use within this community, the department must:
1. Be approved by the campus controller.
2. Be set up within the Community with its IMA by the Community administrator.
3. Pay the initial up-front fee to purchase the online gateway account, pay any setup fees, and pay the ongoing costs of merchant card acceptance.A department should have a substantial number of ongoing payment transactions to offset the initial and ongoing costs of an IMA.
- Accounting. Treasury and the Community administrator will work with the unit to ensure that the payment funds flows are properly accounted for. In most cases, the unit will work directly with the campus Bursar office to make the appropriate entries, particularly for special events and contributions.
If you accept credit card transactions, you must state a refund policy on your website. Generally, the statement is located on the page that collects credit card transactions. Here’s a sample refund policy. You may choose to use your own.
The University of Colorado Colorado Springs College of Business does not give refunds except in documented, extenuating circumstances. All refunds must be approved by the [insert the title of a campus official here; don’t use a person’s name in case he/she leaves] and requires surrender of the original receipt.
- Visa / MasterCard / Discover. A base card merchant account comes with the ability to accept Visa-, MasterCard-, and Discover-branded card payments. The ability to accept other card brands is NOT a part of the base merchant account.
- American Express. If a department wishes to also accept American Express cards, the Treasurer’s office will work with the unit to apply to Amex for this additional card type.
- PayPal and Everything Else. At this time, the University cannot accept payments through PayPal or other card and/or payment brands. This is an area of ongoing research but this is not expected to change in the immediate future.
Card payments are the most costly type of payments a unit can accept. There are multiple costs involved in card acceptance; here is a list of the major ones:
- Merchant discount. The payment card associations assess a percentage of the payment charged to the card to cover the costs of maintaining the card payment network (and profit). This is called the merchant discount and varies depending on the type of card proffered, the method of processing, whether or not the card earns loyalty points (frequent flyer miles, etc.) and other factors. On average, the unit should expect to pay approximately 2.5% of the amount charged in merchant fees.
- Processing fees. Each card transaction is charged a processing fee, typically around $0.25. There is also a long list of other or “special” fees charged, depending on the circumstances (chargeback, duplicate statements, etc.).
- Online processing fees. For IMA payments, the initial setup fee covers the cost of online processing through the Community.
- Swipe card terminals. Note that if a merchant is sponsoring special events or needs an in-person payment capability, there is the ability to rent a card swipe terminal on a short-term basis (minimum of one month).
- Security costs. Payment card information is classified as sensitive data and must be protected to a specific minimum standard known as the Payment Card Industry Data Security Standard (PCIDSS). At the very least this means implementing appropriate and secure payment processing procedures to ensure the security of cardholder information.
- Proper processing and accounting. Each unit is responsible for working with its campus controller and the Treasurer’s office to ensure that proper, secure, and consistent business practices are in place and followed for processing card payments. This includes ensuring that all accounting entries are made properly and timely as well as reconciling funds flows and PeopleSoft accounts. Note that under Treasury policy paid University staff, not volunteers, must process and handle credit card payments.
- Fraud avoidance and detection. The merchant is generally responsible for fraudulent transactions and so must implement fraud avoidance and detection as part of its every day business practices.
- Handling disputes. Each merchant is responsible for handling customer disputes, both directly with the customer and through the card network. Refund policies must be disclosed to the unit’s customers, whether on the department or event’s web page or physically posted where customers can see them, if payments are taken in person.
- Protecting cardholder data. As noted above, cardholder data is defined as sensitive data and must be protected to at least the standard required under the PCIDSS. Should a merchant suffer a breach of security or expose cardholder data, the merchant will be entirely responsible for the costs of investigation, notification, remediation, and fraud. These costs generally start at around $50,000 for a minor incident and could easily go as high as hundreds of thousands of dollars (or more).
- Annual data security compliance certification. Under the PCIDSS, each merchant is required to annually assess their compliance with the standard. Depending on the circumstances, the merchant might also have to pay for outside security auditors and/or vulnerability scans if cards are processed in an electronic or Internet environment. Any deficiencies found must be remediated immediately or the privilege of card acceptance will be revoked.
The CU Treasurer’s Office sets up merchant account and then that new account data is sent to Harris Connect. The entire process can take approximately two months. For cost savings, waves will be held 2-3 times a year to set up merchant accounts in bulk for the Harris system.
The department must set up a “clearing” speedtype, into which Treasury will post all Harris payment activity. For most departments with only a single event going on at a time, this “clearing” speedtype could actually be their regular speedtype; in this case Treasury will make the entry for them. For departments with multiple activities going on simultaneously and who want to break out the activities into their own speedtypes, someone will have to take the daily Harris reports and create journal entries to move the funds out of the clearing speedtype into the appropriate speedtype for each activity. Even if the department uses one speedtype for everything, someone in the department will need to use the daily Harris reports to create journal entries to put any donations / gifts into the appropriate campus fund 34 gift clearing account, then send the required detail along to Treasury so we can acknowledge and process the donation / gift.
Generally, there will be no need for a cash receipt unless the department is more comfortable using that form to post PeopleSoft entries than doing it directly into PeopleSoft. The actual money from payments goes into a bank account at Wells Fargo for which Treasury is responsible to post the entries into PeopleSoft – this is why Treasury posts the department’s activity into their clearing speedtype / account code rather than letting each department do this step themselves.
Everyone who has an IMA (Internet Merchant Account) in the Harris system uses the same processing system: Harris passes the card transaction to Cybersource. Cybersource processes the transaction through to Wells Fargo Merchant Service. Wells Fargo puts the money into a CU bank account processed by Treasury. Treasury makes the PeopleSoft entries in the department’s clearing speedtype / account code to book the revenue. The department distributes the revenues, as necessary, to the various speedtype / account codes for its events.
Presuming the total varies based on the number of transactions in any given billing period, do we have a percentage range for what the fees cost… in other words, if our unit has just one transaction, let’s say, is the transaction fee 3%, 10%, or somewhere in the range of 2% to 3% of the total transaction?
There are two types of fees for credit card merchants. The first are fixed fees, such as $0.25 per transaction processed. Other fixed fees are more for exception items such as chargeback processing ($10). However, these constitute a very small part of the cost of accepting credit cards.
The second type of fee is much larger, and is variable based on the type of card a customer uses for payment. At this point there are something like 85 different ‘interchange’ rates charged based on whether the card used for payment is a Visa or MasterCard, has frequent flyer miles or not, is processed online or offline, is a credit or debit card, is a company or consumer card, and so forth. It can get overwhelming to figure this out!
However, we have seen that most merchants are offered four or five types of cards almost all the time (personal Visa, personal MasterCard, debit card, etc.) and it is the interchange rate on those four or five main categories that control their costs. For most merchants – and this would include those merchants using the Harris system – their cost usually comes in somewhere between 2.25% and 2.65% of the amount charged. For those merchants with a lot of customers who are using corporate credit cards to make payments to us (other companies’ equivalent to our Acard), their cost comes in closer to 3%. We generally advise merchants to budget around 2.5% of their revenues unless they see their actual costs come in higher (their monthly statement will give them the exact cost of their interchange).
For questions about becoming a merchant and accepting card payments, please contact:
|Treasurer's Office||University Relations|
The Treasurer’s web site has additional