Accepting Electronic Payments

Scope

All Indiana University units and employees.

Electronic payments covered under this policy include, but are not limited to:

• Payments received via an ACH credit. Examples of payments that are typically received via an ACH credit are:
  • Contract and Grant awards
  • Financial aid funds
  • Web-initiated payments (e.g., tuition and student loan payments)
  • State appropriations
• Payments received via Fedwire
• Payments received via point of purchase terminals
• Payments received via Payment Cards
• Payments received via Mobile Payment

Back to top

Policy Statement

Funds received electronically fall under numerous Federal Regulations, NACHA operating guidelines, the Payment Card Industry Data Security Standards (PCI DSS), as well as the terms of any contracts that are in place regarding processing these types of payments. Electronic payments present unique challenges in integrating the receipt of funds into unit accounts receivable systems and the university’s general ledger and banking systems. This policy provides the necessary guidance to ensure that the university takes advantage of the opportunities electronic payments present while meeting the regulatory requirements, operational challenges, internal controls, and security responsibilities associated with accepting payments electronically.

Back to top

Reason for Policy

To establish guidelines for ensuring payments received electronically are processed in an efficient, consistent, secure, and controlled manner in compliance with all applicable rules, regulations, university contracts, and university policies.

Back to top

Procedures

1. All university units that receive or expect to receive payments electronically must comply with the guidelines and procedures issued by the Office of the Treasurer, Treasury Operations.
   1. Campus units that wish to take payments via payment cards must be approved by campus administration, which entails successful completion of the process identified in Establishing and Modifying Revenue Producing Activities (RPA). Once approved, the request should be forwarded to Treasury Operations for final approval and implementation.
   2. University administration units should submit their requests for approval to the appropriate Vice President and then forward to Treasury Operations.
2. Units accepting payment cards will sign an agreement with Treasury Operations that details their responsibilities as well as the security requirements (Payment Card Industry Data Security Standards (PCI DSS) and IU data security policies that must be followed. This agreement may be updated from time to time as requirements change. Failure to follow the requirements of the agreement may result in Treasury Operations revoking the unit’s ability to process payments.
3. Units must accept only payment cards authorized by Treasury Operations and must agree to operate in accordance with the contract(s) the university holds with its Service Provider(s) and Card Brands. This is to ensure that all transactions are in compliance with all Payment Card Industry Data Security Standards (PCI DSS), federal regulations, NACHA rules, service provider contracts and Indiana University policies regarding security and privacy that pertain to electronic transactions 
4. No complete payment card account numbers are to be maintained in any university databases or files without written approval of Treasury Operations. The storage of truncated numbers, in approved formats, is permissible.
5. All Processing Equipment is to be obtained via Treasury Operations .
6. Exceptions to this policy will be limited and will require a business plan, including reason why the available central processing systems will not work for the unit. The business plan must be submitted and approved by Treasury Operations in advance of any equipment or system purchase.
7. All payments received must be directed into a University Bank Account. The type and nature of the electronic transaction (e.g., ACH, Credit Card,  wire, etc.) will dictate which bank within the University’s banking network the transaction will be deposited.
8. Accounting entries to record the receipt of the payment will be linked directly into the university’s Kuali Financial System (KFS), whenever possible, to ensure timely recording of transactions and to expedite the prompt reconcilement of general ledger and bank accounts.

Back to top

Definitions

ACH (Automated Clearing House): A funds transfer system that was developed as an electronic payment alternative to checks. While Fedwire is real-time transfer system, ACH uses a batch settlement process which typically provides for next day settlement making it much less expensive than Fedwire. An example of an ACH transaction is a pre-authorized debit to a checking or saving account or direct deposit of payroll.

Campus Administration: Campus chief officer for administration and financial affairs (or designee).

Card Brands: Visa, MasterCard, Discover, American Express, and JCB are examples of Card Brands.

Debit/ATM Cards: A type of payment card that deducts purchases directly from an individual’s checking account.

Federal Regulations: Electronic payments fall under numerous banking and disclosure regulations. Examples include Reg E, Reg J, Electronic Funds Transfer act (1978) USA Patriot Act and Fair and Accurate Credit Transactions Act.

Fedwire: A funds transfer system administered by the Federal Reserve. It is a real-time method of transferring funds between parties.

Financial Institution: A bank, credit union, brokerage house or financial services provider.

Mobile Payments: Electronic transactions that are transacted with a mobile phone.

NACHA: National Automated Clearing House Association. NACHA is the regulatory body for the ACH payment network.

Payment Card: Credit cards (e.g., VISA, MasterCard and Discover), American Express, Diners Club, Debit and Smart cards.

Payment Card Industry Data Security Standard PCI DSS): An industry standard that sets technical and compliance standards for protecting cardholder data. PCI DSS is supported by VISA, MasterCard, Discover and American Express and applies to everyone that stores, processes or transmits cardholder data.

Processing Equipment: Credit card readers/ printers, point of purchase terminals/printers. Additionally, cash registers that process Payment Cards may require special configurations to process via the Indiana University systems, so it is very important that the Office of the Treasurer be contacted prior to making any commitment to purchase cash registers.

Service Provider: The entity or entities selected by the Office of the Treasurer, Treasury Operations that process Payment Card, Fedwire, ACH transactions.

Smart Cards: A type of payment card that stores information and value on a computer chip embedded in the card.

Tax Identification Number (TIN): The number used to identify Indiana University for federal and state tax matters.

University Bank Account: Any account (checking, savings, depository, money market, etc.) opened by the Treasury Operations at a financial institution that has any one of the following:

1. Uses the name Trustees of Indiana University, Indiana University, Indiana University Purdue University at Indianapolis or any abbreviation thereof, or
2. Uses the university’s tax identification number, or
3. Receives the deposit of or disburses university funds.

Note: Only the Indiana University, Office of the Treasurer can open or close bank accounts. See FIN-TRE-52.

Back to top

History

This policy was established on November 1, 2003.

This policy was revised to add scope in November 2016.

This policy was fully reviewed, and non-substantive updates were made on December 22, 2021.

Back to top