CREDIT CARDS AT UVA Tim Sigmon Sandy Bryant Deborah Mills January 11, 2001

BACKGROUND Needed to accept credit cards for a variety of services –Donations –Admissions fees –Continuing Education –Conference & event fees –many others

BACKGROUND Partnered with the University Comptroller –Accounting issues –Credit card balancing issues –Procedures for approving credit card usage for the service

BACKGROUND Decisions for Phase I –Credit cards for services only; no goods –Did not want to store credit card numbers on university machines –ITC provides the credit card infrastructure –Departments develop or contract for development of the “storefront” and the backend processing

PILOT Examined options for the acquiring financial institution (Cybercash, Signio, SurePay, …) Selected SurePay ITC developed the infrastructure ITC developed the “storefront” and the backend processing for the pilot Long-term the ITC Business Services group will customize a template for the “storefront” & backend for a fee

PILOT Architecture –Java servlets and JSPs –SurePay Java SDK; transactions in XML –Tomcat – v.3.1 –Apache – v with SSL –Locally written software – straightforward & available –Hardware – Sun Ultra 10, 440 MHz, 512 MB, mirrored 9GB drive –Identical warm spare – moveable disk array

1.The department gathers the contact and purchasing data… Name: Item Cost Quantity 1 $ $15.00 John Doe Calculate Total 10 3 Departmental Web Server HTTP

Credit Card Gateway 2.Computes the total and returns a confirmation screen with hidden fields specifying the Credit Card Gateway Please Confirm! $ $45.00 Total: $ Yes Departmental Web Server HTTP Page Source Name Total John Doe $145.00

Credit Card Gateway 3.The Credit Card Gateway returns a form requesting Credit Card number… Credit Card Type CC Number: Total: $ Submit HTTP SSL VISA ********

Credit Card Gateway 4.The Credit Card Gateway returns a screen confirming the request was received and simultaneously passes the information to the Credit Card Authorizer Thanks! Your submission has been received. Return to Department HTTP SSL SurePay Server

Credit Card Gateway 5.The Credit Card Authorizer sends authorization status to Gateway. Gateway passes status (via , http, etc.) to department HTTP or SSL SurePay Server Departmental Web Server Authorize or Decline

6.Department contacts individual (via , phone, etc.) with status of credit card transaction. Departmental Web Server Your VISA card has been authorized for $ You are now enrolled in … Thank you Name Total Status John Doe $ Authorized

Web Manager SurePay Server John Doe $ Authorized Monies moved into account = 7.Department then uses the Credit Card Authorizer’s web management system to record business activity to later compare with bank’s account statements.

PILOT USERS Areas using the credit card gateway or interested in using it –Continuing Education –International Health –Casenex (a distance learning environment) –Development (i.e., fund raising) –Cavalier Advantage Card –Parking and Transportation –Transcripts –Box Office type transactions

ISSUES TO CONSIDER Understand the fee structure of the acquiring financial institution and negotiate (!) Work with your finance area on procedures for setting up merchant IDs and institutional procedures Audit approval Understand address verification (AVS) and how/where you will/will not use this Fraud prevention capabilities don’t make a lot of sense for long term services

ISSUES TO CONSIDER Work with the finance area on the web interface for transactions and settling Learning curve for departments – setting up their site and processing credit cards Asynchronous confirmation for customers on the results of the charge –Most large sites do this –Departments deal with the acceptance/rejection of transactions differently

ISSUES TO CONSIDER Asynchronous confirmation for customers on the results of the charge –Big sites do this –Accepting/rejecting the transactions dealt with differently by departments