Learn how to be compliant with UB policies and the payment card industry. Accept credit, debit and electronic payments from customers, in-person and for services over the web. Learn how to ensure secure transactions and locate the forms to use.
You must have an approved rate on file before collecting revenue, whether it is via ACH, wire transfer, UB Marketplace or in person. Read more about Developing and Managing Fees.
UB departments can accept payments by ACH (electronic checks) or wire transfer for financial transactions.
When expecting an ACH or wire transfer you must send details to the appropriate contact, including the exact dollar amount expected and the account to post to. This ensures the funding is properly identified and applied to the account, without delays.
Find detailed State ACH and wire transfer information (password required):
Erin Guiffrida
IFR, Revenue Accounting and Treasury Management
Financial Management
Phone: 716-645-2601
Email: erinhunt@buffalo.edu
UB Marketplace is a third-party e-commerce solution allowing UB departments to accept payments via credit card, debit card and ACH (electronic checks) for products and services other than academic fees and tuition. Departments can use the forms and follow the steps on this page to set up new products, manage existing products, or submit requests regarding GL Codes (State only), user access, refunds and discount codes.
For UB Marketplace users who have registered and been granted vendor or store admin access, follow the UB Marketplace Setup Procedures to set up your product in UB Marketplace.
The UB Marketplace Orders page provides real-time information regarding payments made via UB Marketplace. You can review individual payments comprising daily or summarized fee deposits for a day or a range of dates.
If your department decides to receive the data electronically, then it is responsible for providing the additional programming required, including any integrations needed for the application.
All products in the UB Marketplace must contain an approved image.
Erin Guiffrida
IFR, Revenue Accounting and Treasury Management
Financial Management
Phone: 716-645-2601
Email: ubs-marketplace@buffalo.edu
Leah Kerr
IFR, Revenue Accounting and Treasury Management
Financial Management
Phone: 716-645-0232
Email: ubs-marketplace@buffalo.edu
UB takes credit card information security very seriously. It is your responsibility to know the security policies and procedures. Our experts are also available to help you to ensure the security of your credit card payments.
Credit card accepters have been added to our PCI Compliance list and are contacted annually by email to complete any necessary training and the annual PCI Compliance questionnaire for your department.
Lance Mahalic
IFR, Revenue Accounting and Treasury Management
Financial Management
Phone: 716-645-2626
Email: lmahalic@buffalo.edu
Tricia Canty
Internal Control Coordinator
Policy, Compliance and Internal Controls
Phone: 716-645-2639
Email: tscanty@buffalo.edu
Not applicable for Research Foundation accounts.
No, only those who process and handle customer payment card information are required to take the yearly PCI data security course. However, if you are interested in taking the course anyone is welcome to participate.
If you electronically store card holder data post authorization or if your processing systems have any Internet connectivity, a quarterly scan by a PCI SSC Approved Scanning Vendor (ASV) is required.
Yes. Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance. However, it does not mean they can ignore PCI.
The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees.
Card holder data is any personally identifiable data associated with a card holder. This could be an account number, expiration date, name, address, social security number, etc.. All personally identifiable information associated with the card holder that is stored, processed, or transmitted is also considered card holder data.
PCI applies to all organizations (departments) or merchants, regardless of size or number of transactions, that accept, transmit or store any card holder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.