Skip to content

    Pages for:

  • Faculty
  • Staff
  • Students
Cornell University
Cornell University
Office of the Treasurer
  • About
    • Contact
    • Events
    • News
  • Cash Management
    • Processing International Funds
      • Int’l Currency Conversion
      • International Exchange Rates
    • Processing Credit Cards
      • Getting Started
        • Rules and Requirements
        • Setting Up a New Merchant ID
        • Changing Your Merchant Setup
        • Reporting Tools
      • Credit Card Processing Fees
      • Credit Card Support, Guides and Forms
    • Processing Cash and Checks
      • Armored Car Service
      • Cash Deposits
      • Lockbox Processing
      • Remote Deposit Capture
      • Spotting Counterfeit Currency
      • Spotting Forged Checks
    • Processing Wires and ACH Payments
    • Paying Vendors by Wire, ACH, or Draft
    • Unidentified Receipts
    • Policies and Training
    • Forms
  • Debt
    • Investor Relations
      • CU Debt Rating
      • Green Bonds
    • Internal Debt
      • Internal Borrowing Guidelines
      • Notice of Intent to Borrow for Capital Project
      • Internal Borrowing Rate
    • Private Use Compliance
      • Private Use Policy and Guidelines
      • Private Use Template: Cornell Staff Resource
      • Buildings Funded with Tax-Exempt Debt
  • forms
  • CU policies
  • training
  • KFS Support
  • e-SHOP

In this section

  • Processing International Funds
    • Int’l Currency Conversion
    • International Exchange Rates
  • Processing Credit Cards
    • Getting Started
      • Rules and Requirements
      • Setting Up a New Merchant ID
      • Changing Your Merchant Setup
      • Reporting Tools
    • Credit Card Processing Fees
    • Credit Card Support, Guides and Forms
  • Processing Cash and Checks
    • Armored Car Service
    • Cash Deposits
    • Lockbox Processing
    • Remote Deposit Capture
    • Spotting Counterfeit Currency
    • Spotting Forged Checks
  • Processing Wires and ACH Payments
  • Paying Vendors by Wire, ACH, or Draft
  • Unidentified Receipts
  • Policies and Training
  • Forms

Rules and Requirements

Questions about credit card equipment, reconciliations, etc.? Contact Cornell Credit Card Payment Processing.

Questions about PCI compliance? Contact PCI Help.

Departments accepting credit cards are required to create and maintain business processes and technical documentation for credit card processing. To ensure business continuity, the unit should have multiple people who know how to process credit cards. Every department that takes credit cards must keep its PCI compliance program documentation readily available, outlining steps for credit card processing.

Units must meet and maintain Payment Card Industry PCI) Compliance standards.

Rules for Accepting Cardholder Data

For information about getting set up to accept credit cards, see Getting Started.

Questions? Contact the Cornell Credit Card Payment Processing team.

The following rules are applicable to Ithaca, Geneva, and at Cornell Tech locations, where Cornell University is the Merchant of Record.

Cardholder data (CHD) is any information associated with a payment card, including the primary account number, cardholder name, expiration date, service code, etc.

Merchants at Cornell (the unit or department that accepts credit cards as a payment method) must only accept credit cards using one of the acceptable data collection methods below.

For more definitions and information about credit card processing, see our PCI Compliance Glossary and University Policy 3.17, Accepting Credit Cards to Conduct University Business.

Acceptable Data Collection Methods

In person

Cornell only accepts in-person payments through EMV-enabled and point-to-point encrypted devices. EMV-enabled devices are those that use Europay, Mastercard, and Visa security standards. These devices should also accept NFC-enabled cards or electronic payment methods like Apple Pay, Google Pay, and Samsung Pay.

Online (eCommerce)

Outsource payment processing completely. This keeps you PCI compliant and avoids quarterly vulnerability scans. Use a third-party processor like a shopping cart or gateway. Customers will enter some data on an external site and then go to the payment page to complete their payment.

If a third-party processor won’t work for your area, like when the merchant uses a CardConnect hosted payment page, send the link to the customer. You can share it by email, text, or print it on an invoice or another document.

Don't put direct links to payment pages on any Cornell website. This includes using embedded links or iFrames. A payment page contains fields for CHD entry. Any Cornell website with a direct link to a payment page or an iFrame view must undergo quarterly vulnerability scans.

One-Time-Use Credit Card Payments

One-time-use credit cards, also known as virtual or disposable credit cards, do not hold sensitive cardholder data (CHD). This means merchants can receive these card numbers via email and they should process the data promptly.

Prohibited Data Collection Methods

Cornell prohibits collecting cardholder data by these methods because they do not meet security compliance standards.

By postal or campus mail or fax: Open to theft and prone to error when manually entered.

By phone: Cornell uses RingCentral for its phone system. This system uses VoIP technology. It converts your voice into digital data packets and insecurely transmits cardholder data over the internet. If you must use a phone, use PCI Pal for calls above 10 per month. If you have fewer calls, redirect callers to an eCommerce solution or use flip phones with no Wi-Fi. For information about getting a flip phone, visit the Cell Phones page on the Procurement website.

By email: If a customer sends cardholder data, permanently delete the email and tell the customer to use an acceptable payment channel.

Office of the Treasurer

260 Day Hall
Ithaca, NY 14853

CONTACT US

Email:  treasurer@cornell.edu
Wires/Payments: cashmanagement@cornell.edu
Hours: 8:00 a.m. - 5:00 p.m., Monday - Friday

  • DFS Home
  • CUInfo
  • Executive Vice President and CFO
  • University Audit Office
  • Office of University Investments
  • Division of Budget and Planning
  • Risk Management and Insurance
  • Cornell University Policy Office
  • Alliance for Diversity and Inclusion
  • Cornell United Way
  • Campus Alerts
  • COVID-19 Etiquette for Faculty and Staff

©2025 Cornell University

Web Accessibility Assistance