Merchant Services

To accept payment cards from customers, departments at The Ohio State University need to set up a merchant account through the Treasurer's Office. This process can take up to 15 business days. Please complete this online form. You may need information from your fiscal and/or IT resources to complete the form.

You need separate merchant accounts for physical (in-person) and online sales. You will need to fill out the form separately for each method.

If you need to order additional credit card terminals, you do not need to fill out this form. Please see our page on ordering supplies.

Please contact merchant@osu.edu with any questions about this process or accepting credit cards in general.

Pre-Approved Methods

There are two pre-approved methods for accepting payment cards:

1. Credit card terminals purchased through the Treasurer's office are used to process in-person transactions. In limited instances, they can also be used to process payments via mail or telephone, but these methods require additional guidance.
2. Pre-approved online payment processors offer standalone or integrated options for accepting payments online. 

Other methods must be reviewed and approved by Ohio State's PCI Committee and/or external PCI compliance auditor. Departments that want to use a point-of-sale software system or other process must contact Ohio State Merchant Services for assistance. 

PCI Compliance

The payment card industry established a group (the PCI Council) to standardize requirements for handling payment card data and processing payment card transactions. Merchants, including university departments, are required to comply with these standards. For more information, please refer to the university's Payment Card Compliance Policy or contact Ohio State Merchant Services. 

Two Steps of a Transaction

• Authorizing the charge – when a merchant accepts a customer’s payment card, swiping the card is a request to our processor to determine if the card can be charged. 
• Settlement or “Batching out” – at the end of the business day, a merchant will settle the authorized transactions. This process is called batching out. The transactions are sent in a batch to the processor who will request customers’ charges be sent to our OSU bank account.

Auto Journal Posting

The Treasurer’s Office will establish an automatic journal process for payment card deposits and fees. For each merchant account, departments can specify a revenue chartfield (worktag in Workday) for deposits and an expense chartfield (worktag) for fees.

Reconcilation

Departments must reconcile their accounts no less than monthly, although we recommend more frequent reconciliation for deposits. Merchant transactions must be reconciled to Ohio State’s bank account using the General Ledger and your merchant statements. Monthly statements are provided by email.

Policy

Refer to Payment Card Compliance Policy and the PCI Requirements document for complete details. 

Contact Ohio State Merchant Services to discuss pre-approved options for online payment processing.

• Nelnet Storefront is a traditional online shopping experience. Users can browse products with listing images, add them to a shopping cart and check out. A Storefront can also be used for basic event registrations. Storefront offers the most flexibility in customizing the look and branding experience.
  
  A Storefront implementation is an 8-12 week process involving a Nelnet project manager. We currently have a waiting list for Storefront implementations.
• Nelnet Commerce Manager is a simple but flexible option for accepting payments online.
  
  As a payment gateway, an existing application or website can redirect to Commerce Manager to securely process credit card transactions. We can also assist with integrating payments through a Qualtrics survey.
  
  Commerce Manager can also be set up as a standalone site to sell simple individual items (e.g. a ticket to a fundraising dinner) or to collect customer information (order number, invoice number, etc.) and accept payment in an amount entered by the customer. We can also provide a tool to create customized payment links or QR codes to expand the possibilities for online payments.
• Cvent is an event management platform. They provide advanced reporting and additional services specifically for conferences or events (badge printing, on-site registration, etc.). They can create a website for your event and accept registration payments through the website.
• Cybersource is an existing online payment gateway. Most business units currently using Cybersource will be transitioned to a Nelnet solution. Cybersource accounts should only be created after consultation with Ohio State Merchant Services.

If technical limitations prevent you from using a pre-approved option, then the service provider, the product selected, and the implementation must meet the following requirements:        

• PCI compliant – The service provider must be certified as a Level 1 service provider under PCI-DSS. You can search a list of service providers here.
• Contract addendum– The service provider must sign a contract addendum accepting responsibility for our customers’ payment card data per PCI regulation 12.8.2.    
• Restrict local data – The service provider must accept payments using an iframe or redirect, not an API. This limits the PCI data security requirements that university merchants must meet as no cardholder data is handled by university personnel and no cardholder data is on the Ohio State network.  

With any online service, customers must enter their own payment information. Ohio State personnel must not have access to cardholder data and must not enter it on behalf of the customer.

Policy and Requirements document

Refer to Payment Card Compliance Policy and the PCI Requirements document for complete details.

There are fees for processing payment cards. Fees are charged by the card brands, by our payment card processor, and by online payment gateways.

• Fees charged by the card brands: Visa, MasterCard, American Express and Discover charge fees based on the type of card presented and the type of transaction (e.g. in person or online). Generally, the rate will be lower for debit card transactions and basic consumer credit card transactions and higher for corporate and signature/preferred rewards cards. 
• Transaction processing fees: Our processor charges a transaction fee to authorize and settle payment card transactions with our bank.
• Gateway fees: Online payment gateways generally charge an initial setup fee along with a fee per transaction.
• PCI Admin fee: There are a number of costs related to our annual PCI compliance attestation and other services that are paid centrally. In 2020, our office began charging a fee to recover these costs.
   

  Average transaction amount	Fee per transaction
  < $5.00	$0.07
  $5.00 - $10.00	$0.09
  > $10.00	$0.10

Because fees are variable, we recommend using 2.5% of credit card sales for budget purposes.

BuckID merchant accounts are managed by the BuckID office. Please visit buckid.osu.edu for more information.

Ohio State departments that would like to purchase payment card terminals may select from the pre-approved options below:

• FD150 (connects via dial-up or Ethernet): $599 one-time purchase
  • RP10 PIN pad (optional): enables customers to complete transactions on the FD150 without handing over their card and enables debit PIN transactions; $250 one-time purchase 
• Clover Flex (connects via WiFi or AT&T 4G cellular): $775 one-time purchase
  • No additional fee for WiFi connection
  • $25/month fee for cellular connection
• Additional approved options that include features such as integrated cash drawers and networked printers are also available from Clover. Please contact us for more information.

To order terminals, the Merchant Manager must email the following information to merchant@osu.edu:

• Merchant name and number (12-digit number)
• Model number and quantity of terminals to order
• Shipping address for the terminals

Policy and Requirements

Refer to Payment Card Compliance Policy and Payment Card Requirements document for complete details. 

• Terminal Inspection Form

The Ohio State Information Security Control Requirements (ISCR) require devices with S4 (Restricted) institutional data to be destroyed or shredded by an approved vendor.  Please contact one of the vendors listed below to properly destroy your old payment card terminal.

Royal Document Destruction - 614-751-9731
Shred It - 614-231-7470