Select Page

The Institution’s PCI-Compliant Guide to Setting Up a New Merchant Account

Arrow Payments

The Institution’s PCI-Compliant Guide to Setting Up a New Merchant Account

As emerging payment methods continue to rise in popularity – including at colleges and universities – it can be important to revisit the basics. Understanding how to set up a new merchant account is key for institutions that accept payment cards. 

A merchant account is a necessary and special business bank account that makes it possible for institutions to accept and process debit and credit card payments. Setting up this account, however, is a little more involved than setting up a regular bank account. Remaining PCI compliant should take center stage for any departments considering accepting payment cards. 

How to Begin Setting Up a New Merchant

We recommend implementing “Step 0”, which includes establishing a policy that includes a thorough review for any department considering accepting payment cards. This is critical for universities to remain PCI compliant while offering additional payment options to students, staff, and parents. Prior to setting up a new merchant account, the requesting department should review all PCI compliance requirements and verify that they can fulfill them. 

The next step is to complete an application for a new merchant account. You will need to have locations and contact information on hand. You’ll also need to include more in-depth details, including: 

  • Description of proposed payment activity
  • Staff members who will be managing payment card information
  • Description of the types of payment processing (in-person, mobile, online, etc.)
  • An estimate of transaction volume and frequency expected from the department/merchant

​PCI at the Center

Ideally, your institution’s PCI team sits at the center of all processes regarding new merchant accounts. The requesting department should get approval from the PCI team and any vendors involved in PCI compliance before signing any third-party contracts for new merchant account services or software. 

Given the onslaught of cyberattacks against colleges and universities, the department requesting a merchant account should identify all security vulnerabilities and compliance risks before getting in the weeds with a new merchant account and additional payment solutions. The benefits to this are two-fold: the department can deploy new payment solutions with complete confidence that all risks have been identified and resolved, and the university as a whole can identify and escalate any larger, unknown security risks that may be uncovered during this phase. 

​Beyond the PCI team, there are likely other departments that should be involved in approving and assisting with new merchant accounts. Be sure to check in with the finance team, who may manage banking relationships. The IT department will likely also play a role in new merchant account setup, which may vary depending on the type of new payment methods requested. While each department will have a unique role in the process, all teams should collaborate to make sure all boxes are checked. 

New Merchant Account Final Steps

Once the initial reviews are complete and all necessary departments have been consulted, there are a few remaining steps. Payment processing solutions are an important consideration. In many cases, your institution has an approved list of vendors, software, and hardware for consideration. Be sure to confirm which solutions are approved for use. 

Before a new merchant can begin accepting payments, it’s also important to compile the necessary documentation. Many of these items are things that will need to be updated and maintained over time. Consider the following: 

  • Payment card data flow diagram
  • Merchant and device inventory
  • Payment card processing equipment inspection logs
  • Payment card security and incident response procedures
  • Point of sale equipment documentation
  • Point of contact information for everyone who handles payment card data
  • Training documentation 
  • Payment Card Security Policy documentation (signed copies verifying that stuff understands policy)
  • ​Third-party vendor compliance reviews

Documenting and understanding your institution’s policies and procedures around new merchant account opening can ensure the process goes smoothly – and that the department remains compliant from start to finish.

For more information about how we can help you set up new merchant accounts, contact us today

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

The Evolution of Higher Education Cyber Attacks

The Evolution of Higher Education Cyber Attacks

Higher education faces unique challenges when it comes to cybersecurity. Data breaches and ransomware attacks continue to plague colleges and universities, though most have taken steps to combat these threats. Even so, a recent report by cybersecurity company...

Guarding Against Payments Fraud

Guarding Against Payments Fraud

Payments fraud is a serious and ongoing challenge for treasury practitioners, requiring an increasing amount of vigilance and foresight. According to the 2023 AFP Payments Fraud and Control Survey, 65% of organizations reported being victims of payments fraud in 2022,...

Cultivating Emotional Intelligence in Leadership

Cultivating Emotional Intelligence in Leadership

We’ve discussed how emotional intelligence (EQ) makes you better at business. We’ve even talked about how EQ and payments are tied together. This article explores why EQ is crucial for leaders to possess. Yes, technical skills and a strategic mindset are valuable...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery