308.7 – University of North Carolina at Chapel Hill Procedure on The University's Payment Gateway



The University of North Carolina at Chapel Hill is using TouchNet's hosting service. TouchNet will run, manage and maintain our licensed TouchNet software in their Data Center. TouchNet certifies that its Data Center meets the stringent requirements of Payment Card Industry Data Security Standard (PCI DSS). No credit card data interacts with the University's systems greatly reducing the risk of a security breach attributable to University actions.

TouchNet is the University's payment gateway and is required to be used for all online credit card transactions. To apply for an exception, email CERTIFI at certifi@unc.edu.

Scope of Applicability

This procedure applies to any official or administrator with responsibilities for managing university payment card transactions and those employees entrusted with handling payment cards and payment card information.


A user will access the merchant's university web application and will be transferred to TouchNet's Marketplace uPay site when it comes time to pay for a service. Each merchant will have a defined site, called uPay, where the payment card information will be entered. Then the TouchNet Payment Gateway will process the payment from our customers sending the payment data to our credit card processor. The Payment Gateway stores the payment transaction information in a database tokenized encrypted data files.

The TouchNet Payment Gateway sends all required data to our processor for both the authorization and settlement. Settlement occurs every evening starting at 10:00 PM. The Payment Gateway will run an automatic, daily batch settlement at the specified time that we defined in the merchant set up.

In the Payment Gateway Operations Center, you can review payment data in searchable reports. At login, every Operation Center user sees only the Merchant accounts, tasks and reports for his/her access rights. A user's role may include rights to view reports, configure the Payment Gateway, set up Operation Center users, set up merchant and host accounts, process credit or complete single authorizations.

User Roles and Responsibilities
User Roles Responsibilities
Accountant Review credit card merchant reports based on assigned merchant access
Cashier Can process credits and single authorizations

How uPay Works

The uPay features of Marketplace allow you to configure online payment pages that you can connect to existing campus web applications. You can customize your uPay site for handling specific transactions. uPay sites focuses only on the payment pages. Your product pages are created in your campus application external to the uPay site. The web application then calls the uPay site when it is time for a payment to be accepted. The uPay site can pass information back to the campus web application regarding the status of the transaction. The ITS Business Analyst from Enterprise Applications will work with each Merchant to develop the uPay site(s).

For any technical questions or to establish your uPay site and user access after your merchant account or a change to your merchant account has been approved, contact Enterprise Applications through certifi@unc.edu.

Related Requirements

External Regulations and Consequences

University Policies, Standards, and Procedures

Contact Information

Primary Contact
Subject Contact Telephone E-Mail
General Questions and PCI Compliance Merchant Services 919-843-0420 certifi@unc.edu
Deposits and Reconciliation Cashier's Office 919-962-5846 deposits@unc.edu
Data Security ITS - Information Security 919-962-4357 security@unc.edu or certifi@unc.edu
TouchNet Connection TouchNet Administrator 919-445-9319 certifi@unc.edu
100% helpful - 1 review
Print Article


Article ID: 131505
Thu 4/8/21 9:10 PM
Wed 3/15/23 9:06 PM
Responsible Unit
School, Department, or other organizational unit issuing this document.
Finance and Budget
Issuing Officer
Name of the document Issuing Officer. This is the individual whose organizational authority covers the policy scope and who is primarily responsible for the policy.
Issuing Officer Title
Title of the person who is primarily responsible for issuing this policy.
Cash Manager
Next Review
Date on which the next document review is due.
09/02/2021 12:00 AM
Last Review
Date on which the most recent document review was completed.
09/02/2020 10:12 AM
Last Revised
Date on which the most recent changes to this document were approved.
09/02/2020 10:12 AM
Effective Date
If the date on which this document became/becomes enforceable differs from the Origination or Last Revision, this attribute reflects the date on which it is/was enforcable.
09/02/2020 10:12 AM
Date on which the original version of this document was first made official.
07/01/2006 12:00 AM