- Mission, Vision & Values
- Staff Directory
- Business Centers
Point of Sale (POS) marks the location of the transaction. The customer will come to your place of business in person to make a purchase. The customer’s credit card will be physically swiped or dipped into a terminal. An example of this type of transaction is making a purchase in person at a retail store and checking out using your credit card. Please note a percentage of point of sale transactions can be accepted over the phone or by mail order. Due to data security issues, mail order transactions are discouraged.
Two types of terminals are in use at OSU. The primary type of terminal relies on an analog dial up phone-line. The second type of terminal connects via a cellular wireless connection.
The dial up POS terminal relies on a dial up phone line to make transactions. The merchant is responsible for having the phone line setup by Telecom before it can be used. In rare cases, ethernet connections are allowed in special circumstances, where dial up is not an option. If your merchant will use an analog dial-up phone line, order the Verifone VX520 terminal.
The cellular wireless terminal is optimal for businesses that need to move the payment location around, for example for special events. It makes its transactions through a cellular connection and functions everywhere with enough cellphone service. The terminal is more expensive compared to its dial up alternative and it charges a monthly fee. If your merchant will use a cellular wireless connection, order the Ingenico iWL250G with Comm Base terminal.
For more detailed information on terminal options and pricing please refer to the Terminal & Software Pricing document.
The next step of the process is to fill out section A and B of the New Merchant Credit Card Processing Application (MID Application).
From the date the New Merchant Credit Card Processing Application is submitted, it will be 4-6 weeks until payments can be taken from customers. Below you can see the steps the application has to go through before you can start to take payments.
If an analog dial-up phone jack will need to be installed, work with Telecom so the jack is in place and operational when the POS terminal arrives.
Please review the Oregon State Treasury Best Practices Training Presentation. This document gives you a good understanding about accepting credit cards and what to look out for.
Develop policies and procedures for credit card acceptance, using the PCI DSS Questions and Expected Testing in SAQ B. These policies and procedures will be submitted as evidence with your yearly PCI DSS SAQ document.
If any cardholder data will be written down, purchase a cross-cut or micro-cut shredder for disposal of cardholder data. A locked shredding bin is not sufficient. If you are unsure what to purchase, here is a suggestion.
Once you are doing business with the POS Terminal you are responsible to continuously assess your operations and fix any vulnerability which could potentially cause a credit card data breach. This is part of the PCI compliance requirements.
The list of PCI DSS SAQ B requirements can be found in the SAQ document (for dial-up and cellular wireless SAQ B, for ethernet connection SAQ B-IP). You are responsible for on-going compliance with all of these requirements. Some of these requirements are:
For more information on what you have to do throughout the year to stay PCI compliant please visit the PCI Compliance for OSU Credit Card Merchants website.
Q1. Who answers questions about your Point of Sale transactions (products, orders, payments, credit card transactions, refunds)?
Q2. Who makes the merchant’s deposits?
Q3. Will there be potential downtimes?