University of Minnesota  Procedure

Closing Payment Card Accounts

Sidebar

Expand all

Sidebar

Table of Contents

TOC placeholder

Questions?

Please use the contact section in the governing policy.

Introduction

Managing a payment card account and protecting cardholder data requires a significant commitment of staff time and funding. Many times monthly fees are assessed to keep an account open. When an account is no longer needed, it should be closed in order to free these resources to be reinvested in the department’s mission.

Payment card accounts must be closed in a manner that maintains the security and integrity of both hardcopy and electronic cardholder data.

Closing Payment Card Accounts

  1. Payment Card Manager completes UM 1609 Payment Card Account Form (DOCX) and sends to Accounts Receivable Services at [email protected].
  2. Accounts Receivable Services will notify the department of any additional steps that need to be taken to close the account. Steps to complete may include some or all of the following:
    1. Payment Card Manager and department IT staff work with University Information Security (UIS) to verify that all electronic media (servers, desktops, hard drives, backups, CD’s, etc.) have been securely cleaned of all cardholder data. Payment Card Manager works with department IT staff to ensure that payment application software is uninstalled. Simply deleting the program may not meet PCI DSS guidelines. See Administrative Appendix: Media Sanitization Standard.
    2. Payment Card Manager returns all rented equipment to the acquiring bank. The bank will send out a call tag to the merchant if the processing equipment is rented. Box up the equipment, attach the call tag and arrange for pickup by a secure courier. Charges for the monthly rent amount will continue until the bank receives the rented equipment back.
    3. Payment Card Manager terminates all 3rd party vendor or service provider contracts. Contact Purchasing Services for additional information on managing contracts.
    4. Payment Card Manager ensures that all hardcopies containing cardholder data are destroyed according to University data retention policy. See Administrative Policy: Managing University Records and Information.
    5. Payment Card Manager works with Accounts Receivable Services to securely dispose of all purchased equipment such as payment card terminals.
  3. Accounts Receivable Services will work with the University’s acquiring bank to close the account. Accounts are closed once the payment card companies and acquiring bank determine there is no outstanding activity. The Payment Card Manager is notified when the account is officially closed, this can take a significant amount of time.