Accepting Electronic Payments

FIN-TRE-110

The IU Seal: Indianensis Universitatis Sigillum MDCCCXX

Scope
Policy Statement
Reason for Policy
Definitions
History
Related Information

About This Policy

Effective Date:: 11-01-2003
See current policy

Date of Last Review/Update:: 11-18-2016

Responsible University Office:: Treasury Operations

Responsible University Administrator:: University Treasurer

Policy Contact:: Brittany Hubbard
Associate Treasurer and University Bursar
bchubbar@iu.edu

Policy Feedback:: If you have comments or questions about this policy, let us know with the policy feedback form.

Scope

All Indiana University units and employees.

Policy Statement

All entities of the University that receive or expect to receive payments electronically must comply with the guidelines and procedures issued by the Office of the Treasurer, Treasury Operations. Campus entities who wish to take payments via payment cards must be approved by Campus Administration (in conjunction with Policy VI-121, Establishing and Modifying Revenue Producing Activities (RPA). Once approved, the request should be forwarded to the Office of the Treasurer, Treasury Operations for final approval and implementation. University Administration units should submit their requests for approval to the appropriate Vice President and then forward to the Office of the Treasurer, Treasury Operations. All other units should submit their requests directly to the Office of the Treasurer, Treasury Operations.

Entities accepting payment cards will sign an agreement with the Office of the Treasurer, Treasury Operations that details their responsibilities as well as the security requirements (Payment Card Industry Data Security Standard and IU Data Security Policies) that must be followed. This agreement may be updated from time to time as requirements change. Failure to follow the requirements of the agreement may result in the Office of the Treasurer, Treasury Operations revoking your ability to process payments.

Entities must accept only payment cards authorized by the Office of the Treasurer, Treasury Operations and agree to operate in accordance with the contract(s) the University holds with its Service Provider(s) and Card Brands. This is to ensure that all transactions are in compliance with all Payment Card Industry Data Security Standards (PCI DSS), Federal Regulations, NACHA rules, service provider contracts and Indiana University policies regarding security and privacy that pertain to electronic transactions.

No complete payment card account numbers are to be maintained in any University databases or files without written approval of Treasury. The storage of truncated numbers, in approved formats, is permissible.

All Processing Equipment is to be obtained via the Office of the Treasurer.

Exceptions to this policy will be limited and will require a business plan (including reason why the available central processing systems will not work for your area) to be submitted and approved by the Office of the Treasurer in advance of any equipment or system purchase.

All payments received must be directed into a University Approved Bank Account. The type and nature of the electronic transaction (e.g., ACH, Credit Card, Point of Purchase, wire, etc.) will dictate which bank within the University’s banking network the transaction will be deposited.

Accounting entries to record the receipt of the payment will be linked directly into the University’s Kuali Financial System (KFS), whenever possible, to ensure timely recording of transactions and expedite the prompt reconcilement of general ledger and bank accounts.

Reason for Policy

To establish guidelines for ensuring payments received electronically are processed in an efficient, consistent, secure and controlled manner in compliance with all applicable rules, regulations and University contracts/policies.

Over 80% of all funds that flow into Indiana University are received electronically. Receiving Electronic Payments (Fedwire or ACH) is advantageous to Indiana University for a number of reasons. The data and dollars associated with funds received electronically can be fed directly into University receivable, financial and banking systems. Additionally, they are paperless and do not have any Float associated with them which means they can be used immediately to fund University disbursements or to purchase investments.

Funds received electronically fall under numerous Federal Regulations, NACHA operating guidelines, the Payment Card Industry Data Security Standards (PCI DSS) and any contracts that are in place regarding processing these types of payments. They present unique challenges in integrating the receipt of funds into departmental accounts receivable systems and the University’s general ledger and banking systems. This policy will provide the necessary guidance to ensure that the University takes advantage of the opportunities electronic payments present while meeting the regulatory requirements, operational challenges, internal control and security responsibilities associated with accepting payments electronically.

Definitions

ACH: Automated Clearing House. This is a funds transfer system that was developed as an electronic payment alternative to checks. While Fedwire is real-time transfer system, ACH uses a batch settlement process which typically provides for next day settlement making it much less expensive than Fedwire. An example of an ACH transaction is a pre-authorized debit to a checking or saving account or direct deposit of payroll.

Approved Bank Account: Any account (checking, savings, depository, money market, etc.) opened by the Office of the Treasurer, Treasury Operations at a Financial Institution which has any one of the following:

Uses the name Trustees of Indiana University, Indiana University, Indiana University Purdue University at Indianapolis or any abbreviation thereof, or;
Uses the University’s tax identification number, or;
Receives the deposit of or disburses University funds.

Note: Only the Indiana University, Office of the Treasurer can open or close bank accounts. See Policy VI-52.

Campus Administration: Vice Chancellor for Administration and Finance (for IUB campus, the Associate Vice Provost for Finance) or their delegate.

Card Brands: Visa, MasterCard, Discover and American Express are examples of Card Brands.

Debit/ATM Cards: A type of Payment Card that deducts purchases directly from an individual’s checking account.

Electronic Payments: Payments covered under this policy include, but are not limited to:

Payments received via an ACH credit. Examples of payments that are typically received via an ACH credit are:

Contract and Grant awards
Financial Aid funds
Web-initiated payments (e.g., tuition and student loan payments)
State Appropriations

Payments received via Fedwire

Payments received via Point of Purchase terminals

Payments received via Payment Cards

Payments received via Mobile Payment

Federal Regulations: Electronic payments fall under numerous banking and disclosure regulations. Examples include Reg E, Reg J, Electronic Funds Transfer act (1978) USA Patriot Act and Fair and Accurate Credit Transactions Act.

Fedwire: This is a funds transfer system administered by the Federal Reserve. It is a real-time method of transferring funds between parties.

Financial Institution: A bank, credit union, brokerage house or financial services provider.

Float: Float is the interval between the time an item is deposited and the time the funds are available for use. For example, when a check is deposited, it may be 1-3 days before the funds the check represents are available to cover checks written or transferred to an investment.

Mobile Payments: Electronic transactions that are transacted with a mobile phone.

NACHA: National Automated Clearing House Association. NACHA is the regulatory body for the ACH payment network.

Payment Card: Credit Cards (e.g. VISA, MasterCard and Discover), American Express, Diners Club, Debit and Smart cards.

Payment Card Industry Data Security Standard (PCI DSS): an industry standard that sets technical and compliance standards for protecting cardholder data. PCI DSS is supported by VISA, MasterCard, Discover and American Express and applies to everyone that stores, processes or transmits cardholder data.

Processing Equipment: Credit card readers/ printers, point of purchase terminals/printers. Additionally, cash registers that process Payment Cards may require special configurations to process via the Indiana University systems, so it is very important that the Office of the Treasurer be contacted prior to making any commitment to purchase cash registers.

Service Provider: The entity or entities selected by the Office of the Treasurer, Treasury Operations who process Payment Card, Fedwire, ACH transactions.

Smart Cards: A type of Payment Card that stores information and value on a computer chip embedded in the card.

History

This policy was established on November 1, 2003.

Revised to add scope November 2016.

Please note: This is an archived version of the policy. View the current version.