Existing Merchants


Last year, more than eighty University of Pittsburgh merchants processed over 20,000 credit card transactions, generating close to $60 million dollars in revenue. Due to our processing volume, the credit card industry views the University as a Level 3 Merchant. As a result, we are required to perform a yearly PCI validation.

The University has approved the acceptance of multiple credit card types for payment of departmental sales or services. The approved credit card types are MasterCard, Visa, Discover Card, and American Express. Your department may choose to accept any or all of these card types.

PCI Training

PCI TrainingAll University employees handling payment cards or related data are required to complete PCI Data Security training as part of the University’s overall Information Security Awareness Training program. Computing Services and Systems Development (CSSD) provides the training shown below. Departments that currently offer an approved alternative to any of the University training should contact CSSD to determine what additional training may be required.

Merchant Resources

Merchant ResourcesTo demonstrate the University’s ongoing commitment to compliance with PCI DSS and other related payment card standards and to highlight existing policies and guidance relevant to this topic, the following policy and guidance documents were issued. The E-Business Resource Group (EBRG) serves as a resource to the University community that provides guidance on PCI DSS related matters. 

Financial Information

financial informationThis section provides an overview of the transaction flow for credit card payments and information for existing Pitt Merchants that includes resources for online statements, information on requesting and returning equipment, terminal user guides, and reconcilement responsibilities, as well as details on chargebacks, inquiries, and monthly reconciliations. 

PCI Risk Management

PCI Risk ManagementUniversity of Pittsburgh Merchants must follow the Payment Card Industry Data Security Standards (PCI DSS) to manage risk and protect our business and client information.