|
|
|
|
|
|
|
|
Policy and Procedure ManualChapter 330, Financial Management and Services Responsible Department: Accounting
and Financial Services Exhibit A: Responsibilities and
Guidelines for Retail Merchants This section outlines policy and procedure pertaining to the authorization granted to University units and affiliates to accept credit and debit cards as a form of payment for services performed or for merchandise sold by such activities. Merchants are subject to this policy and the guidelines in the appropriate exhibit. A. Acquiring bank--merchant bank contracted through Office of the President Banking Services Group and/or Office of the Treasurer on behalf of all campuses in the UC system to perform credit card processing services. B. Authorization--process by which a merchant obtains prior confirmation from the acquiring bank that a specific financial transaction will be processed successfully when settlement is completed. C. Card--unexpired credit card affiliated with a credit card company (e.g., Visa U.S.A., MasterCard International) or branded debit card affiliated with recognized banking networks for which a merchant has established acceptance of with the acquiring bank. D. Cardholder information--personally identifiable data associated with the cardholder including account number and expiration date. E. Centralized payment process--controlled system of Internet sites, software applications, and communication protocols that interact together for the purpose of capturing and transferring cardholder information to the acquiring bank via the Internet and securely storing the information in a single repository. F. Chargeback--a reduction of the merchant’s cash receipts initiated by the acquiring bank in response to transaction that has been rejected by the acquiring bank or issuing bank or disputed by the cardholder. G. Convenience fees--costs imposed on cardholders by the merchant to defray the expense of providing a convenient alternate payment channel (e.g., Internet, self-service kiosks, Interactive Voice Response (IVR)). H. Credit card security compliance programs--programs established by the credit card associations for the purpose of protecting cardholder information that require specific actions and operating procedures by the merchant (e.g., Visa U.S.A. Cardholder Information Security Program (CISP), MasterCard International’s Site Data Protection Program (SDP), American Express’s Data Security Standards (DSS) and Discover’s Information Security and Compliance (DISC) Program). I. Discount fees--costs imposed on merchants by the acquiring bank in exchange for the privilege of accepting a card. Discount fees are comprised of three components: 1. Interchange--non-negotiable fees established by the credit card associations which are collected from the merchant by the acquiring bank and paid by the acquiring bank to the issuing banks. 2. Assessments/Access--non-negotiable fees established by the credit card associations which are collected from the merchant by the acquiring bank and paid by the acquiring bank to the credit card associations. 3. Processor’s fee--negotiable cost established by contract which is collected by the acquiring bank on their own behalf. Processor fees are negotiated and contracted through the Office of the President Banking Services Unit and/or the Office of the Treasurer. J. Issuing bank--financial institution that grants credit to a cardholder by issuing a credit card to the cardholder. K. Merchant--a University department or an affiliate of the University that has received the appropriate prior authorization to accept cards as a form of payment for services performed or for merchandise sold by the department or affiliate. A merchant is assigned a specific merchant account(s) with the acquiring bank. Merchants fall into one of the following three categories: 1. Retail merchant--conduct all of their card transactions in a face-to-face environment with the card physically present for the transaction. 2. Phone/mail merchant--generate cardholder information forms either through telephone communication with the cardholder, through the mail, or by standalone facsimile machine not connected to any computer network. 3. Internet merchant--conduct all of their card transactions through the Internet within the centralized payment process. L. Merchant account--a unique account established with the acquiring bank that is used to track equipment, transactions, fees, compliance activities, and designated points of contact and all related information of the merchant. M. Operating guidelines--rules and procedures published by the acquiring bank that specify the operational parameters that each merchant must adhere to when accepting a card as a form of payment. N. Payment Card Industry (PCI) compliance standards--a specific set of technical requirements and business practices published collaboratively by Visa U.S.A. and MasterCard International addressing cardholder information security that each merchant must comply with and demonstrate compliance with on a periodic basis. O. Settlement--process by which a merchant presents a single or group of financial transactions to the acquiring bank for the purpose of converting the credit information collected from a cardholder into cash receipts. P. Student payments--payments integral to a student’s or admitted person’s instructional record that are covered under the Family Educational Rights and Privacy Act (FERPA). Usually, these relate to non-matriculated students’ payments for instructional activities, payments by student’s admitted and enrolled, or pre-instructional outreach activities. Q. Surcharge--costs imposed on cardholders by the merchant to defray the expense of accepting a form of payment. When permitted, surcharges may be charged irrespective of channel. A. The Treasurer of The Regents has been granted the authority to execute agreements on behalf of the University in connection with banking type services (Regents' Bylaw 21.4.n) and regulates the use of card services. B. Services for processing cards, depositing cash receipts and validating compliance with all credit card companies’ compliance programs and any other related services will be contracted on a systemwide level through the Office of the President Banking Services Group and/or the Office of the Treasurer. Merchants may use only services of vendors with systemwide contracts in place. C. Cards may be accepted from the cardholder by a merchant for their own transactions within the parameters of the appropriate operating guidelines. Merchants may not accept cards or authorize or complete settlement for transactions of other University units or affiliates. D. Merchants must authorize each transaction in order to secure the most favorable interchange fee rates. IV. Establishment and Maintenance of Card Services A. Requests to accept cards will be considered from University units and affiliates. Each request will be evaluated on its own merits. Requests must be made in writing to the UCD Credit Card Coordinator for recommendation to the Vice Chancellor—Administration. Requests to accept cards should demonstrate the ability to comply with the merchant responsibilities in V.D below and must contain the following information: 1. Department name. 2. Department business and compliance contact with oversight authority. 3. Business contact’s e-mail address. 4. Departmental physical delivery address. 5. Telephone number. 6. Fax number. 7. List of credit card companies that will be accepted (Visa, MasterCard, American Express, Discover). 8. Statement justifying the need to accept cards. 9. Departmental general ledger account to which any chargebacks and discount fees will be charged. This account may not consist of state funds (the account may not have an OP Fund of 199xx). B. Upon approval of the request by the Vice Chancellor—Administration, the UCD Credit Card Coordinator will prepare and submit all documentation to the acquiring bank and credit card companies to establish the merchant account, order the merchant terminal and notify the merchant of the assigned merchant number. C. Fees and billing Discount fees, rental costs for equipment, and fees for banking network access fees are deducted monthly from the campus bank account. Accounting & Financial Services allocates these costs to merchants based on their merchant accountant. A merchant statement is provided monthly by the acquiring bank. D. Chargebacks 1. Accounting & Financial Services will receive all chargeback notifications. Accounting & Financial Services will notify the appropriate merchant of the notification and prepare appropriate accounting entries to reflect the chargeback. 2. Merchants must respond directly to the acquiring bank within the appropriate time frame by providing requested information or appropriate documentation to demonstrate the legitimacy and appropriate processing of the original transaction. The acquiring bank has sole authority to determine if the chargeback will be reversed and the cash receipts returned to the merchant. Upon receipt of a chargeback reversal notification, Accounting & Financial Services will notify the appropriate merchant of the notification and prepare appropriate accounting entries to reflect the chargeback reversal. E. General ledger entries 1. Merchants must prepare a DaFIS Statement of Cash Collections, or the UCDMC Statement of Collections and Receipts Issued (Calcode 71461-135), to record in the general ledger the deposits that have been settled with the acquiring bank. (See Section 330-55.) 2. The credit entry should cite the department revenue account. 3. The debit entry should equal the total settlement amount. 4. The general ledger account to be cited for campus units is: a. 3-1100320-0041 Visa/MasterCard. b. 3-1100320-0042 Discover. c. 3-1100320-0043 American Express. d. 3-1100320-0044 Debit card. e. 3-1100320-0045 Care credit card. 5. The account number to be cited for UCDMC units is: a. 3-1100340-0041 Visa/MasterCard. b. 3-1100340-0042 Discover. c. 3-1100340-0043 American Express. d. 3-1100340-0044 Debit card. e. 3-1100340-0045 Care credit card. A. The Vice Chancellor--Administration has been authorized by the Chancellor to approve requests from campus units and affiliates to establish a merchant account and accept cards as a form of payment for services performed or for merchandise sold by such units and affiliates. This authority may not be redelegated. B. The UCD Credit Card Coordinator (Manager—Internal Control Accounting & Financial Services) is responsible for: 1. Providing information and assistance to University units and affiliates that are analyzing the responsibilities and costs of accepting cards as a form of payment. 2. Recommending to the Vice Chancellor--Administration approval of appropriate requests from campus units and affiliates to accept cards as a form of payment. 3. For campus units and affiliates approved to accept cards, establishing merchant accounts, selecting and ordering terminals and coordinating all compliance activities. 4. Immediately deactivating merchant accounts that are determined to be out of compliance with operating guidelines, PCI compliance standards or compliance standards required by the acquiring bank, Office of the President or University policy or directive. C. Accounting & Financial Services is responsible for: 1. Reconciling the depository bank account to the general ledger cash account monthly. 2. Maintaining procedures to ensure the appropriate and timely recording of deposits onto the general ledger. 3. Administration and coordination of chargeback defense efforts. 4. Administration of the University’s centralized payment process. D. Information & Educational Technology is responsible for reviewing department network architecture for compliance with technical standards. E. All merchants are responsible for: 1. Complying with all requirements of the appropriate operating guidelines. 2. Performing all periodic compliance activities requested by the UCD Credit Card Coordinator in a timely manner. 3. Recording all card transactional activity on the general ledger within 3 business days of settlement. 4. Notifying the UCD Credit Card Coordinator immediately when merchant accounts are no longer needed and should be deactivated. 5. Responding to chargeback notifications and credit card company inquires. 6. Ensuring that no cardholder information is stored electronically in any database, application or system. 7. Following the responsibilities and guidelines in the appropriate exhibit. A. UC Office of the President: Delegation of Authority—Use of Commercial Credit Cards (DA 1095), 7/30/93. B. UC Accounting Manual: 1. Chapter C-173-14, Cash: Campus Cash Collection Deposits. 2. Chapter C-173-85, Cash: Credit and Debit Card Program. C. UC Business & Finance Bulletin: 1. BUS-49: Cashiering Responsibilities and Guidelines. 2. IS-3: Electronic Information Security. D. UCD Policy & Procedure Manual: 1. Section 260-15, Solicitation and Acceptance of Gifts. 2. Section 330-55, Departmental Cashiering Operations. E. Credit Card Companies Security Requirements: 1. Visa U.S.A. Cardholder Information Security Program (CISP). 2. MasterCard International Site Data Protection (SDP) Program. 3. American Express Data Security Standards (DSS). 4. Discover Information Security and Compliance (DISC) Program. 5. Payment Card Industry (PCI) Standards. Copyright © 2006 The Regents of the
University of California, Davis Campus. All Rights Reserved. |
|
