Becoming a Merchant

 Step 1 - Proposal Submission

Proposals that require the collection of payment card information must be sent to George Cerminara at The Proposal to Accept Payment Cards is designed to outline the business activity involved, outline the card processing method to be used and show approval by the responsibility center head.

Select a Process – your proposal must reflect the card processing method that best suits your business activity model.

  • E-Commerce – extend your business model through the internet.
  • Card Present/Mail Order Telephone (MOTO) activities.
  • Virtual Terminal – entering card data directly through a payment gateway.

PLEASE NOTE - If your Pitt Merchant solution includes a supplier agreement where the University will receive from and pay invoices to the supplier, you must add the supplier to the University's supplier file by completing and processing a Supplier Verification Form which is located towards the bottom of the Panther Buy Forms page. There is also a detailed instructions link available on that page for completing the Supplier Verification Form. The EBRG process does not include adding a supplier to the University’s supplier file; it is a separate process.


 Step 2 - Internal Review

Once a complete proposal has been received, the proposal will be forwarded to all members within the EBRG for review. In addition, the EBRG may share the proposal with other areas as appropriate. These other areas either provide additional support to the process or are responsible for safe guarding customer information.  Further, any contracts or purchased services that are involved for the project must be vetted by Purchasing Services and the Office of General Counsel, and must contain language regarding the vendor’s compliance with PCI DSS.

 Step 3 - Responsibilities and Fees

As a University of Pittsburgh Card Merchant, you will be responsible for adhering to all applicable University policies, payment card industry requirements as well as Federal and Pennsylvania state laws.  Links to various resources to help you understand your responsibilities can be found in the Resources section of this website.

The fees associated with accepting payment cards include may include such fees as are shown below.  Details about the fees related to your specific proposal can be obtained from Emily Gavin in the University’s Office of Finance at

  • Set-up fees
  • Equipment rental
  • Merchant services transaction fee
  • Interchange
  • Chargeback fees

 Step 4 - Security and Risk Assessment

The EBRG reviews each proposal for potential risks inherent in implementing an e-business initiative. The EBRG will identify any risks during the review and provide recommendations for mitigating those risks.  The EBRG’s primary goal is to identify the security of any business initiative.  While we will review and comment on any associated business risk, the business aspect of any proposal remains the responsibility of the Department.

The University through its E-Business Resource Group (EBRG) considers safeguarding customer information a critical component of all initiatives that accept payment cards.  To assist merchant locations in implementing a secure payment solution, the EBRG has established a comprehensive list of guidelines and a security review process meant to supplement common security practices, as well as existing University policies and procedures related to computer usage and information security.  These guidelines are also intended to promote compliance with relevant federal and state regulations, in addition to payment card industry requirements.

All proposals must comply with the requirements outlined in the various documents below;

Any proposed vendor(s) or third party payment service providers will be required to complete a University of Pittsburgh Security Assessment Questionnaire.  Further, any contracts or purchased services that are involved for the project must be vetted by Purchasing Services and the Office of General Counsel, and must contain language regarding the vendor’s compliance with PCI DSS.

Please note that while the EBRG will assist departments with assessing their project’s security and make recommendations, each department is ultimately responsible for ensuring the security of their payment solutions.

 Step 5 - Approval

Once all of the EBRG’s concerns have been addressed, the EBRG representative will communicate approval to the unit originating the proposal. The unit must then contact the Office of Finance to establish a merchant account.  Once the project is approved and a merchant account application signed by the originating unit’s responsibility center head is received, the Office of Finance will contact the University’s merchant bank to establish the merchant account.  The process of opening a merchant account can take as long as 10 business days to complete.

Allow 8 to 12 weeks to complete the overall approval process.  Note that the process can be shortened by using payment solutions, software or equipment that has been pre-approved.

Copyright © | Pitt IT | Legal