With UBC’s Digital Payment Program to replace ePayment launched, all ePayment onboarding requests will be redirected to DPP

Learn more

You are here:
Home > Virtual Terminal > Requirements

Virtual Terminal Requirements

ePayment Virtual Terminal is subject to both UBC and PCI DSS polices and procedures. These polices and procedures apply to all stages and aspects of the payment process, from how the credit card information is obtained to the computer (Virtual Terminal machine) used to process the payments. Merchants must adhere to all the polices and procedures at all times.

Please note: Merchants may be asked to undergo PIA. For more information, please review: https://epayment.it.ubc.ca/news/pia-assessment-requirement

Procedural:

  • You and all other Virtual Terminal users must complete all required PCI DSS/Virtual Terminal training.
  • You and all other Virtual Terminal users must agree to ePayment Virtual Terminal Terms of Use
  • Credit card information can only be obtained via regular posted mail, paper faxes in a secure location or over the phone. Other methods such as email, voice mail, etc. are NOT permitted.
  • Data security incidents surrounding Virtual Terminal machine(s), credit card information, and so on, must be reported immediately per UBC IT’s Incident Response Plan (IRP).
  • All VT machines must be clearly labeled; stickers may be requested from ePayment support.

Security:

  • ePayment Virtual Terminal must be accessed only on Virtual Terminal machine(s).
  • No generic logins permitted on Virtual Terminal machines(s) and the actual Virtual Terminal; everyone must have their own individual login ID.
  • Sharing of Virtual Terminal machines only permitted among trained, authorized Virtual Terminal and trained, authorized non Virtual Terminal users.
  • No electronic storage or transmission of credit card information, ie no emails, digital faxes, spread sheets on a computer, voice mails, etc.
  • Credit card information must be shredded immediately after payment processing (ie you cannot store it for re-occuring payments unless approved by ePayment Support). It must be a cross-cut shredder which cuts the paper into minute pieces of about 1/4" x 1- a half" in size.
  • Paper storage may be permitted under certain circumstances. Refer to: https://epayment.it.ubc.ca/virtual-terminal/requirements/visa-stored-cre... for more information

Technical:

  • Virtual Terminals are to be procured from UBC SHHS team (contact for please cost/requirements)
  • Virtual Terminal machine(s) must be in reasonably secure locations, eg in an office, or staff only section.
  • You must be able to or have IT resources to install/setup the Virtual Terminal computer
  • You must have a FMS account for ePayment to generate JV entries.

PCI DSS

  • You must provide the IPs of each Virtual Terminal machine for vulnerability scans (both internal and external).
  • Each Virtual Terminal machine must be made available for the vulnerability scans.
  • You must provide details on how you are using ePayment Virtual Terminal. If it changes, you will need to inform ePayment Support.
  • You must provide details how you intended to obtain, store, and discard all credit card information.
  • You must comply with all audits required by ePayment Support.
  • You must inform ePayment Support of any staff changes if they are Virtual Terminal users.

A place of mind, The University of British Columbia

UBC Information Technology
6356 Agriculture Road
Vancouver, BC V6T 1Z2,

Emergency Procedures | Accessibility | Contact UBC | © Copyright The University of British Columbia