UGA Cooperative Extension Service Credit Card Machine Policy



Similar documents
Guides for County Office Fiscal Management

The University of Georgia Credit/Debit Card Processing Procedures

Credit and Debit Card Handling Policy Updated October 1, 2014

Payment Card Industry Compliance

INFORMATION SECURITY POLICY. Policy for Credit Card Acceptance to Conduct College Business

Payment Card Acceptance Administrative Policy

A8.700 TREASURY. This directive applies to all campuses of the University of Hawai i.

ACCEPTING CREDIT CARDS AND ELECTRONIC CHECKS TO CONDUCT UNIVERSITY BUSINESS

Appendix 1 Payment Card Industry Data Security Standards Program

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No MERCHANT DEBIT AND CREDIT CARD RECEIPTS

Failure to follow the following procedures may subject the state to significant losses, including:

CREDIT CARD PROCESSING POLICY AND PROCEDURES

This policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format.

Standards for Business Processes, Paper and Electronic Processing

How To Control Credit Card And Debit Card Payments In Wisconsin

PCI General Policy. Effective Date: August Approval: December 17, Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

LIVINGSTON COUNTY CREDIT CARD PROCEDURES

IUP PURCHASING CARD PROGRAM PROCEDURAL GUIDELINES

POLICY SECTION 509: Electronic Financial Transaction Procedures

UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

Merchant Card Processing Best Practices

DCCCD BUSINESS PROCEDURES MANUAL. Revision Log

UCSD Credit Card Processing Policy & Procedure

PURCHASE CARD POLICIES AND PROCEDURES MANUAL

SECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures

Information Technology

Company-wide Credit Card Policy

The Science of Credit Card Processing

TERMINAL CONTROL MEASURES

Travel Card Policy and Procedure Manual

CRM4M Accounting Set Up and Miscellaneous Accounting Guide Rev. 10/17/2008 rb

WINONA STATE UNIVERSITY TRAVEL CREDIT CARD PROGRAM USERS GUIDE

MASTERCARD CREDIT CARD PROGRAM

Liberty County School District Purchasing Card Procedures

POLICY & PROCEDURE DOCUMENT NUMBER: DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants

Dartmouth College Merchant Credit Card Policy for Processors

CREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services

. Merchant Accounts are special bank accounts issued by a merchant. . Merchant Level: This classification is based on transaction volume.

1.0 Purpose. 2.0 Applicability. 3.0 References. 4.0 Attachments. 5.0 General. 5.1 Abbreviations. 5.2 Definitions. 5.3 Responsibilities. 6.

THE EVERGREEN STATE COLLEGE

Purchasing Card Procedure Manual

Merchant Account Service

Getting Started Using CC Merchant for Trams Back Office

UNL PAYMENT CARD POLICY AND PROCEDURES. Table of Contents

CREDIT CARD MERCHANT PROCEDURES. Revised 01/21/2014 Prepared by: NIU Merchant Services

FAQ s for Payment Card Processing at the University

BUSINESS SERVICES DIVISION PROCEDURES MANUAL REVISED DATE 08/13 CASH HANDLING

Date Adopted:

TOSHIBA GHOST CREDIT CARD (Toshiba Card) Frequently Asked Questions (FAQs)

Tulane Purchasing Card Policies and Procedures

Fraud Protection, You and Your Bank

2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)

UW Platteville Credit Card Handling Policy

Saint Louis University Merchant Card Processing Policy & Procedures

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures

THE ABC s of Credit Card Processing

CREDIT CARD PROCESSING & SECURITY POLICY

The purpose of Mohawk College s Purchasing Card Policy ( policy ) is to:

Purchasing Card Policy and Procedure Manual

Credit Card Handling Security Standards

University Credit Card Policies and Procedures Index

Table of Contents. 2 TouchSuite Welcome Kit

Dear Valued Merchant,

Arkansas Tech University Procurement Card (P-Card) Program Policies and Guidelines Manual

Eagle POS Procedure Guide For Epicor Bankcard Processing

Office of Finance and Treasury

Cash, Petty Cash, Change Funds, and Credit Cards

WVU FOUNDATION & UNIVERSITY PURCHASING CARD PROGRAM POLICIES & PROCEDURES. Updated October 2012

Recommendations for Improving Purchasing Card Procedures

Bursar s Office Department Cash Receipting Training for Receipt Book, Pre Numbered Tickets and Cash Register Users.

Policy Contact: Zags Travel & Expense Credit Card Administrator, Controller s Office

University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009

QuickBooks Credit Card Merchant Service May 18, 2015 revised

cardholder USER GUIDE Purchasing

St. Edward s University Purchasing Card Manual. July 1, 2013

Fraud Minimisation Guide ANZ Merchant Business Solutions

University Policy Accepting Credit Cards to Conduct University Business

University of York Policy on the Management of Debit/ Credit Card Data

Transcription:

UGA Cooperative Extension Service Credit Card Machine Policy PCI compliance requires that each office have their own set of policies and procedures for handling credit cards. College wide policies reflect the minimum required policies and procedures, but each office must develop their own set of policies and procedures for compliance. Set up Process All offices wishing to accept credit card payments should seek and obtain approval from the district office. The set up process will be coordinated through the CAES Business Office and utilize the existing state contract. You will still be able to maintain your current banking institution; however, once approved by the district office, you must use the approved vendor and adhere to the attached procedures. Forms of Payment Currently Visa, Discover and MasterCard are the only credit cards that will be accepted. Identify Credit Card Processing Terminals All credit card processing terminals should be properly inventoried, listing department and location, with any changes communicated to your district office before relocation. The office must also verify that the terminal has retained the tamper sticker and is stored securely. Adequately document the information for each terminal location, which is to be provided to your district office. Adequate information includes the name and phone number of the contact person, management responsible for the terminal, and other information as required by your district office and the CAES Business Office. Securing Credit Card Processing Terminals Secure processing terminals during and after working hours to prevent unauthorized access. If it is possible to assign password and/or user identification to staff operating terminals this option must be utilized. This protects the integrity of the processing function by assigning passwords and/or user identification (ID), which can help prevent unauthorized use. Passwords and User Identification should not be shared. If exception reports are available that identify violations of password and user ID usage, they are to be reviewed by the CEC. Credit Cardholder Information 1 P a g e

Credit Card transactions should be processed when the named card holder is present and able to present the actual card for use. Obtain accurate and valid credit cardholder information (via personal contact - cardholder present) The credit cardholder information required to process transaction is: Dollar amount Photo ID Expiration date Signature Use the credit card that is presented and SWIPE the card to obtain authorization and perform the transaction. (MANUAL credit card processing costs are significantly higher than SWIPE processing costs.) Security of Cardholder s Information Credit card information should be properly secured or destroyed in a timely manner as determined by the retention schedule from the BOR Policy. Signed credit card receipts will be maintained for one year. Full credit card numbers, as well as the three digit number located on the back of the card, should never be retained for any purpose. Credit Card information or transaction reports cannot be shared, misused, or left unsecured. Violation of this policy could result in criminal prosecution. Processing of Credit Card Transactions Ensure only authorized staff process credit card transactions. Whenever possible, process credit card transactions by SWIPPING the credit card, which is the preferred method. Credit card transactions that are processed by SWIPE cost the Center as much as 60% less than the MANUAL processing fees. Work with your district office to obtain periodic transaction reports to assist management in determining the manner in how credit card transactions are being processed. Review them for trends by locations in processing methods (swipe vs. manual); and investigate for reasonableness of methods used and associated costs. Processing Credit Cards Transactions over the Phone Transactions accepted when the credit card is not presented pose a greater risk to the office by increasing the possibility of use by unauthorized individuals, and by compromising the office s position in cases of disputed charges. However, if the credit cards are taken over the phone the following additional information must be recorded: full address, full credit card number (after use, all but the last 4 numbers must be punched out), full name on the card, zip code, and notation that this transaction was taken over the phone. 2 P a g e

For additional security, have the individual eventually sign the receipt if they come to the office. Never email anything with credit card number on it. Credit card information may be faxed if and only if the fax machine is not a multi-purpose machine. Processing Credit Card Refunds/Credits Refunds will need to be processed back to the original card only. It is illegal to refund the customer through check, cash, or other means. Since full credit card numbers are not retained, the customer would either have to bring in the card or provide the number to you for manual entry into the terminal. You must pull the original sales slip to verify the amount to ensure you do not provide a credit in excess of original purchase. All refunds must be documented to include: the name of the person receiving the refund, the reason for the refund, the program or activity associated with the refund, the CEC signature of approval, and the customers signature along with a copy of the original receipt provided to the customer at the time of purchase. PCI Compliance Training UGA Cooperative Extension Services are required to complete yearly training in PCI compliance. All personnel who process credit card payments must complete this training. New employees whose job responsibilities include handling credit cards must complete PCI compliance training before handling credit cards. Proof of training must be submitted to the district office as well as the CAES fiscal compliance coordinator. Daily/Monthly Processes and Reports County offices are required to perform the following tasks daily and procure proper authorization at all required steps: END OF DAY PROCESS: Three summary reports are available on a daily basis that provides: (1) The list of each individual card transaction that comprises the daily total (Batch Report); (2) The totals by day per card type (Batch Settlement) summary; and, (3) A summary report (Batch Report Batch Inquiry). This report includes total dollars of sales, voids, and credits, with the quantity of each type of transaction. At the close of each business day or at the start of the following business day, the following close out steps must be performed: 3 P a g e

1. Print batch report. 2. Review transactions from the batch report. 3. Record transactions in daily credit card deposit record. 4. The CEC reviews and signs the daily credit card deposit record. 5. All transactions must be entered into QuickBooks Online. Maintain the credit card transaction report for audit purposes. The CEC s review is to ensure all refunds/credits are supported with adequate documentation, and have been approved. The district office should evaluate if the two additional summary reports should be reviewed to determine if they offer value as a control at the location. MONTHLY END PROCESS: 1. Each month the following steps must be performed: 2. The daily credit card deposit record is finalized for the month. 3. The bank statement is reconciled to QuickBooks Online, the monthly credit card deposit record, and receipt book. 4. Monthly reconciliation of credit card deposit record is reviewed and approved by the CEC. 5. Monthly reconciliation of credit card deposit record is sent to the District office. 6. The CEC is responsible for contacting the district office if inappropriate credit card transactions are suspected within their office. 7. In addition, the district office analyzes credit card, monthly credit card deposit record, and bank data to help identify inappropriate transactions, and will engage appropriate office personnel as needed. Documentation of Credit Card Payment Process Each county office must document how they take and process a credit card. They must state all steps from when the credit card is received from the customer to where receipts are stored in the office. 4 P a g e

Other Terminals must be connected to an analog phone line in the office. Digital phone lines are not acceptable. Individual office policies must include an incident response portion. Any unique procedures or practices must be noted in individual office policies. Only employees with a UGA background check may handle anything with credit cards. Questions or Comments Questions or comments on these guidelines can be addressed to the CAES Business Office s Fiscal Compliance Coordinator. 5 P a g e