Accepting Electronic Payments
About This Policy
- Effective Date:
- Date of Last Review/Update:
- Responsible University Office:
- Office of the Treasurer
- Responsible University Administrator:
- Executive Vice President for Finance and Administration
All Indiana University units and employees.
Electronic payments covered under this policy include, but are not limited to:
- Payments received via an ACH credit. Examples of payments that are typically received via an ACH credit are:
- Contract and Grant awards
- Financial aid funds
- Web-initiated payments (e.g., tuition and student loan payments)
- State appropriations
- Payments received via Fedwire
- Payments received via point of purchase terminals
- Payments received via Payment Cards
- Payments received via Mobile Payment
Funds received electronically fall under numerous Federal Regulations, NACHA operating guidelines, the Payment Card Industry Data Security Standards (PCI DSS), as well as the terms of any contracts that are in place regarding processing these types of payments. Electronic payments present unique challenges in integrating the receipt of funds into unit accounts receivable systems and the university’s general ledger and banking systems. This policy provides the necessary guidance to ensure that the university takes advantage of the opportunities electronic payments present while meeting the regulatory requirements, operational challenges, internal controls, and security responsibilities associated with accepting payments electronically.
Reason for Policy
To establish guidelines for ensuring payments received electronically are processed in an efficient, consistent, secure, and controlled manner in compliance with all applicable rules, regulations, university contracts, and university policies.
- All university units that receive or expect to receive payments electronically must comply with the guidelines and procedures issued by the Office of the Treasurer, Treasury Operations.
- Campus units that wish to take payments via payment cards must be approved by campus administration, which entails successful completion of the process identified in Establishing and Modifying Revenue Producing Activities (RPA). Once approved, the request should be forwarded to Treasury Operations for final approval and implementation.
- University administration units should submit their requests for approval to the appropriate Vice President and then forward to Treasury Operations.
- Units accepting payment cards will sign an agreement with Treasury Operations that details their responsibilities as well as the security requirements (Payment Card Industry Data Security Standards (PCI DSS) and IU data security policies that must be followed. This agreement may be updated from time to time as requirements change. Failure to follow the requirements of the agreement may result in Treasury Operations revoking the unit’s ability to process payments.
- Units must accept only payment cards authorized by Treasury Operations and must agree to operate in accordance with the contract(s) the university holds with its Service Provider(s) and Card Brands. This is to ensure that all transactions are in compliance with all Payment Card Industry Data Security Standards (PCI DSS), federal regulations, NACHA rules, service provider contracts and Indiana University policies regarding security and privacy that pertain to electronic transactions
- No complete payment card account numbers are to be maintained in any university databases or files without written approval of Treasury Operations. The storage of truncated numbers, in approved formats, is permissible.
- All Processing Equipment is to be obtained via Treasury Operations .
- Exceptions to this policy will be limited and will require a business plan, including reason why the available central processing systems will not work for the unit. The business plan must be submitted and approved by Treasury Operations in advance of any equipment or system purchase.
- All payments received must be directed into a University Bank Account. The type and nature of the electronic transaction (e.g., ACH, Credit Card, wire, etc.) will dictate which bank within the University’s banking network the transaction will be deposited.
- Accounting entries to record the receipt of the payment will be linked directly into the university’s Kuali Financial System (KFS), whenever possible, to ensure timely recording of transactions and to expedite the prompt reconcilement of general ledger and bank accounts.
ACH (Automated Clearing House): A funds transfer system that was developed as an electronic payment alternative to checks. While Fedwire is real-time transfer system, ACH uses a batch settlement process which typically provides for next day settlement making it much less expensive than Fedwire. An example of an ACH transaction is a pre-authorized debit to a checking or saving account or direct deposit of payroll.
Federal Regulations: Electronic payments fall under numerous banking and disclosure regulations. Examples include Reg E, Reg J, Electronic Funds Transfer act (1978) USA Patriot Act and Fair and Accurate Credit Transactions Act.
Payment Card Industry Data Security Standard PCI DSS): An industry standard that sets technical and compliance standards for protecting cardholder data. PCI DSS is supported by VISA, MasterCard, Discover and American Express and applies to everyone that stores, processes or transmits cardholder data.
Processing Equipment: Credit card readers/ printers, point of purchase terminals/printers. Additionally, cash registers that process Payment Cards may require special configurations to process via the Indiana University systems, so it is very important that the Office of the Treasurer be contacted prior to making any commitment to purchase cash registers.
University Bank Account: Any account (checking, savings, depository, money market, etc.) opened by the Treasury Operations at a financial institution that has any one of the following:
- Uses the name Trustees of Indiana University, Indiana University, Indiana University Purdue University at Indianapolis or any abbreviation thereof, or
- Uses the university’s tax identification number, or
- Receives the deposit of or disburses university funds.
Note: Only the Indiana University, Office of the Treasurer can open or close bank accounts. See FIN-TRE-52.
This policy was established on November 1, 2003.
This policy was revised to add scope in November 2016.
This policy was fully reviewed, and non-substantive updates were made on December 22, 2021.