Cash Collection and E-commerce Policy and Procedures

9120.1 Purpose

Realizing the collection of cash is decentralized at Wright State University, the purpose of this policy is to provide guidelines to the university community with respect to the handling, receiving, transporting, depositing and reconciliation of University funds.  For purposes of this policy, “cash” includes coins, currency, paper checks, money orders, traveler’s checks, and credit and debit cards, electronic transfers including e-checks, wire and Automated Clearing House (ACH) transactions.  Acceptable forms of payment include currency, checks, money orders, charge cards, (MasterCard, Discover and VISA [except for current student account fees]), debit cards, and electronic transfers.  Charge card payments for student account fees (MasterCard, Discover, and AMEX) are accepted online only through a third party vendor.  A 2.85% convenience fee is assessed by the vendor.

University funds are monies received from tuition, room, board, fees, contracts, grants, revenues from University services, state and federal appropriations, gifts, deposits and all other sources of revenue or expense reimbursements.  All checks made payable to the University or any subdivisions of the University are considered University funds.  Monies received by the university must comply with this policy.

The policy also provides guidelines for Colleges/Departments who engage in e-commerce activities including the acceptance of electronic checks, credit cards or bank debit cards through a university developed or third party vendor website.  Departments desiring to establish a Cash Collection Center to engage in E-commerce activities must first complete and submit an application (see APPENDIX A) to the Office of the Bursar.  If approved, departments are responsible for complying with the procedures outlined in this policy.

9120.2 Background

The collection and control of University funds at Wright State University are very important functions.  As the University’s primary cash handling agent, the Office of the Bursar provides guidance to the University community who need to engage in Cash Collections, and/or, E-commerce activities.  The responsibilities for operating a Cash Collection center and/or engaging in E-commerce activities are explained in this policy.

Historical practices shall not constitute justification for deviation from the following guidelines.  The material contained in this document superseded any previous policies and procedures followed within the University and/or within departments regarding the handling of University funds.  The University Director of Bursar Services/Director of Treasury Services reserves the right to make interpretations and exceptions to the policies contained in this document.

Changes in the Cash Collection and E-commerce Policy and Procedures may be made from time to time, and will be communicated through the Business and Fiscal Officers meetings and the listserv. Updates to this policy will be available electronically through Wright State University’s Website and will be effective upon issuance.

9120.3 Prior Approval Required To Collect University Funds

Departments/units interested in engaging in either Cash Collection or E-commerce activities (whether in person, by mail, or electronically) must first obtain prior approval.  Approval is obtained by:

  1. Completing the Application to Establish a Cash Collection Center and/or E-commerce Website (see APPENDIX A) to include the following information:

    1. Department/unit Name
    2. Department/unit Address
    3. Primary Contact Name, Phone Number and E-mail address
    4. Indicate whether website currently exists or needs created
    5. Describe why the Cash Collection Center and/or E-commerce Website are needed, what products or services will be offered and when you would like to begin accepting online payments.
    6. Signature of the Department Head, Fiscal/Business Manager and Dean or Division Vice President;
  2. Submitting completed application to the Office of the Bursar;

  3. Agreeing to comply with all provisions of the Cash Collection and E-commerce Policy & Procedures;

  4. Agreeing to utilize the standard E-commerce platform provided by the university to secure online payment information.

  5. Agreeing to comply with all online banking and merchant credit card regulations including Payment Card Industry Data Security Standards (PCI DSS). (Refer to APPENDIX D for specific requirements).

  6. Displaying the University Privacy Statement (see APPENDIX B) on your department/unit’s web page (if applicable).

  7. Engaging Computing and Telecommunications Services (CaTS) and Communication and Marketing (if needed) in the creation or refinement of the department/unit website.

  8. Contacting the Office of the Controller to establish account numbers to record the revenue (if needed);

  9. Developing written procedures to document appropriate internal controls for the collection of university funds and annual training of staff engaged in Cash Collection and/or E-commerce activities (see section of Internal Controls);

  10. Assuming responsibility and liability for the security of all sensitive data, including any monetary loss suffered by the University due to theft or improper use of customers’ credit card or bank account information.

Departments should forward the completed Application to Establish a Cash Collection Center and/or E-commerce Website (see APPENDIX A) to the Office of the Bursar for review. The Office of the Bursar will schedule a time to meet with the applicable department representatives and business manager to review their request and, determine the best solution for the application.  If the request can be met using either the MarketPlace U-Store or U-Pay product, the Office of the Bursar will take the lead in assisting departments in developing their application.  If the request requires a more custom solution, CaTS will need to be consulted to develop the application.

The Offices of the Bursar and Controller are also available for consultation and review of departmental procedures.  Departments are responsible for training designated employees in cash handling policies and procedures.

9120.4 Internal Controls

Departments/units interested in engaging in either Cash Collection or E-commerce activities (whether in person, by mail, or electronically) must first obtain prior approval.  Approval is obtained by:

  1. Written Procedures

    1. Each department that handles cash must have its own written procedures tailored to its specific operation.  The departmental procedures should include, but are not limited to, the following:

      1. A description of your department and what activities generate cash receipts.
      2. Type of receipts collected (i.e., currency, checks, credit cards, etc.).
      3. A description of how payments are received-in person, by mail, online, etc.
      4. Type of receipt issued to customer paying in person (manual or cash register).
      5. A description of how mail is opened and logged.
      6. Check endorsement-each check must be restrictively endorsed with “For Deposit only, Wright State University.
      7. Identification of positions assigned to each step in the procedures to verify proper segregation of duties.
      8. A description of how deposits are made including method and frequency.
      9. Forms control-the process used to reconcile actual receipts to departmental records and to prepare the Cash Remittance Voucher (CRV).
      10. Reconciliations-the process used to compare departmental copies of CRV’s with monthly or daily online accounting reports to verify accurate posting in Banner.
      11. A description of how funds are secured between collection and deposit.
      12. A description of how cash receipts are transported to the Office of the Bursar.
    2. For assistance in developing departmental procedures contact the Office of the Bursar.  The department/unit’s Fiscal/Business Manager should approve the written procedures.

    3. Departmental procedures should be reviewed annually by the Departmental Chair/Director and the fiscal/business manager to ensure compliance with the University’s Cash Collection and E-commerce Policy and Procedures (see item k) In-House Audits).

  2. Segregation of Duties

    1. Departments handling cash should separate, to the extent possible, all duties relating to cash handling.  A system of checks and balances should be implemented in which tasks are performed by different individuals in order to assure adequate controls.  For example, the same person should not collect cash from students or other payers, post receivables or credit other accounting records, prepare and make the deposit, and perform the departmental reconciliation.

    2. It is the Chair/Department Director’s responsibility to ensure that any amount deposited with the Office of the Bursar includes all monies received.

    3. The Chair/Department Director will contact the Office of the Bursar with any questions regarding the development of or adequacy of mitigating controls. The Department of University Audit and Consulting Services is also available to review the adequacy of controls.

    4. The Chair/Department Director or her/his designee should be an independent person who does not handle or have access to cash.  S/he will verify that the original supporting detail records (Cash Remittance Vouchers) agree with the Departmental Transaction Detail report available in WINGS Express.

  3. Safekeeping of Funds

    1. All forms of Cash (currency, checks, money orders, negotiable instruments and charge card transactions) should be physically protected through the use of vaults, locked cash drawers, cash registers, locked metal boxes or bags, etc.

    2. It is the responsibility of each department to make whatever provisions are necessary to properly safeguard cash in their area.  Generally, any amount of cash on hand that exceeds $1,000 must be maintained in a vault or safe.  In the event that a safe or vault is not available, cash in excess of $1,000 along with a CRV must be dropped off at the Drop Box located on the second floor of the Student Union for safekeeping until retrieved by the Office of the Bursar.  Amounts under $1,000 should be maintained in a file safe or reinforced lockable file cabinet.  Cash should not be retained in desk drawers or standard file cabinets since they are easily accessible and provide no security or safeguarding of funds.

  4. Frequency of Deposit

    1. To maximize cash flow and safeguard assets, deposits need to be made in a timely manner.  Section 9.38 of the Ohio Revised Code requires that all deposits exceeding $1,000 be made by the next business day following day of receipt provided the funds are stored in a safe or vault.  If the total does not exceed $1,000 the lag may be up to two business days to make the deposit, if the funds are safeguarded.

    2. Unless prior arrangements have been made for directly depositing to the bank, all deposits should be placed in the drop box located on the seond floor of the Student Union.  Deposits that include currency or coin must be personally delivered to the drop box.   Deposits that do not include currency or coin can be sent through campus mail or delivered in person to the drop box located in the Student Union.

    3. Transportation of cash deposits to the Office of the Bursar by University employees should not conform to any regular time or day of the week schedule. Such transfers should be irregular, subject to change without notice, with times know only to a select few.  Consult Wright State University’s Police Department and the Office of the Bursar regarding arrangements for transfers of large cash amounts that occur on a regular basis.

    4. If the deposit is hand delivered, the Office of the Bursar will count/validate the funds in the presence of the departmental representative.  The Office of the Bursar will immediately compare the validated total to the amount on the CRV.  Any discrepancies must be reconciled at once before the deposit can be processed and applied to the departmental account.

    5. If the deposit is transported by Wright State Police or via campus mail, staff within the Office of the Bursar will open the transport bag or envelope and validate/process the deposit in a timely manner.  Any discrepancies will be verified by both the Fee Payment and Deposit Coordinator and Operations Manager.  Any overages or shortages will result in a confirmation call to the originating department.  Upon reconciliation, the deposit will be processed and applied to the departmental account.  The Office of the Bursar will stamp the CRV and send a copy of it back to the department along with the transaction receipt.

  5. The Office of the Bursar will count/validate the funds that have been placed in the drop box in a timely manner.  The Office of the Bursar will open the transport bag or envileope and validate/process the deposit in a timely manner.  Any discrepancies will be verified by both the Fee Payment and Deposit Coordinator and Operations Manager.  Any overages or shortages will result in a confirmation call to the originating department.  Upon reconciliation, the deposit will be processed and applied to the departmental account.  The Office of the Bursar will stamp the CRV and send a copy of it back to the department along with the transaction receipt.

    A Cash Remittance Voucher must be completed for all departmental/unit deposits and submitted to the Office of the Bursar observing the following guidelines:

    1. Check for mathematical accuracy;
    2. Verify check & cash totals are listed properly;
    3. Verify Fund, ORG and Account numbers (or detail codes, if applicable) are properly filled in;
    4. Verify the funds received equal the deposit form;
    5. Have a secondary individual within the department review and sign (above) the CRV.
  6. Money Deposited Intact

    Money should be deposited promptly and intact to the Office of the Bursar.  Cashing checks from University deposits, borrowing cash for personal use, lapping receipts to cover shortages in cash receipts, withholding checks for deposit in order to float checks, commingling of personal and University funds, and modification of cash records are all serious offenses and will result in an immediate referral to the Office of Internal Controls and Audit Services, Wright State University’s Police Department and Human Resources for proper disciplinary action and/or termination.

  7. Counterfeit Currency

    All authorized cash handling personnel are responsible for exercising reasonable care in screening cash transactions for counterfeit currency.  If a questionable bill is received, the department should retain possession of the bill and contact Wright State University’s Police Department immediately.  Do not return the bill to the payer. For more information about recognizing counterfeit currency, please visit www.moneyfactory.gov.

  8. Returned Payment

    1. Any payments returned by Wright State University’s depository bank as uncollected are sent to the Office of the Bursar.  Examples of returned payments include; non-sufficient funds (NSF), account closed, payer’s signature missing, refer to maker and post dated or stale dated checks.

    2. The Office of the Bursar debits the originating department’s account for the amount of the returned payment and sends notification to the originating department for collection.  It is the originating department’s responsibility to notify the payer and use due diligence to collect payment from the payer. Generally, restitution should be in the form of currency, money order, cashier’s check or certified check.

    3. If after proper due diligence is performed and collection problems exist, the Office of the Bursar may be consulted regarding returned items which remain uncollected after 90 days from the date of debit.

  9. Overages and Shortages

    If the total recorded cash receipts (per department logs, receipt books or cash register journals) does not agree with actual counts of cash receipts, the difference must be recorded on a separate line on the CRV, as follows:

    1. Enter the amount of recorded receipts on the first line(s) using the normal fund/org number and account codes for you receipts.

    2. Enter the amount of the overage as a positive amount or the shortage as a negative amount (use brackets) on a separate line, using the same fund/org number with an Account Code of 777200 (Over/Short).  On the CRV, provide an explanation on why there was an overage or shortage.

    3. If the shortage was due to a suspected theft of funds, contact the Office of Internal Controls and Audits Services and Wright State University’s Police Department immediately to file a police report and notify the Chair/Department Director and Fiscal Officer/Business Manager as soon as possible.

  10. Employee Training and Background Checks

    Departments engaging in cash collection services should conduct mandatory training for all employees involved with this activity.  Such training should include a thorough review of the department’s written procedures on cash collections.  Reviews of regulatory issues impacting cash collections include Gramm-Leach-Bliley Act (GLBA), PCI DSS, and Identity Theft should also be covered.  Departments are highly encouraged to provide periodic training, at least on an annual basis, to ensure employees are in compliance with these regulations.  Consult the security website for the latest information: http://www.wright.edu/security/.

    In addition, departments should request background checks on all employees involved with cash collections.  For purposes of this requirement, “employee” refers to full and part-time employees, temporary employees and personnel, and contractors and consultants who are “resident” on the entity’s site.  Applicants/employees must consent to a background check prior to departments initiating the request and the check should include both a criminal and consumer (credit history) review.

  11. In-house audits

    Departments engaged in cash collection services should conduct periodic reviews/audits of their operation to ensure compliance with this policy.  The Fiscal Officer/Business Manager or her/his designee should conduct these audits annually with confirmation of the audit sent to the Department of Internal Controls and Audit Services.

  12. Banks Accounts

    The Chief Operating Officer and their designees are the only officials authorized to open bank accounts on behalf of Wright State University.  The use of Wright State University’s name and/or Federal Tax Identification number to open unauthorized bank accounts is strictly prohibited.  The use of departmental or personal checking and/or other bank accounts by University personnel for the depositing and/or safekeeping of University funds are strictly prohibited.  Any requests to deviate from this policy must be presented to the Vice President for Finance and Operations and University Treasurer or his/her designee for proper authorization.

  13. Record Retention Policy

    Departments should annually review their Record Retention Policy to ensure compliance with Payment Card Industry Data Security Standards.  Sensitive cardholder date from credit card transactions must be stored in a secure environment and then safely destroyed within 18 months from sale date.  Refer to APPENDIX D for further information on PCI DSS.

  14. Tracking and Collecting Outstanding Accounts Receivable

    Department/units billing external organizations for services provided or expense reimbursement are required to utilize the Non-Student Invoice Process through Wings Express.  Prior to extending credit, departments should consider how likely the individual/organization will pay the debt.  Factors to consider include:  scope of work or services to be performed, past experience with the entity, and financial strength of the individual/organization.  Once billing begins, departments are required to:
     
    1. Direct remittance payments to the Office of the Bursar.
    2. Review outstanding receivables on a monthly basis using the NSAR Invoice Detail Report and Invoice Aging Detail Report.  Send monthly notices to entities that are past due.
    3. Contact the Office of the Bursar-Collections for assistance in collecting outstanding invoices greater than or equal to six months in age.  If the Office of the Bursar is unsuccessful in collecting the amount owed within 60 days, the account will be referred to the State of Ohio Attorney General's Office for further action.
    4. Annually by May 15, determine the invoices that are a year old or older
    5. Send a list to the Office of the Bursar of the invoices that you want to write off with signature approval of the Business Manager
    6. Please indicate in department records to disallow charging for this entity until payment is made.

9120.5 Other Payment Methods

  • Incoming Electronic Wire Transfers

    1. Purpose

      This section of the document defines and outlines University procedures regarding incoming Electronic Fund Transfers.  These transactions typically are U.S. Government funding or other special payments.

    2. Requirements

      The Office of the Bursar should be contacted prior to receipt of an incoming wire transfer or ACH deposit to identify/match the Electronic Fund Transfer (EFT) to the appropriate department.  The following information should either be faxed (775-5775) or emailed to the Office of the Bursar (bursar@wright.edu).

      1. Source of the incoming wire or ACH deposit (sender or bank).
      2. Any identifying code numbers (reference & verification).
      3. Date EFT is expected.
      4. Amount of EFT.
      5. Fund, ORG, Account & Program (FOAP) that funds are to be deposited.

      All EFT’s should be directed to Wright State University’s Depository Bank (JPMorgan Chase) with instructions to the sender to include as much pertinent information as possible for identification purposes; i.e., the name of the company remitting payment and the name of the university department expecting payment.

      Unidentified incoming EFT’s will be credited to the University’s general fund account if they are not identified by a department within 30 days of receipt.

  • Foreign Checks

    1. Purpose

      This section of the document defines University policy on the acceptance and handling of foreign checks.

    2. Introduction

      Any check not drawn on a U.S. bank or which does not have a U.S. clearing bank listed on it, is considered a foreign check even if the check is payable in U.S. funds.  The Bank requires that foreign checks must be equal to or greater than One Hundred U.S. Dollars ($100.00), or the equivalent currency, before they will accept them for conversion processing.

    3. Procedures to Record and Collect

      1. Separate foreign checks from other deposit documents and make a separate Cash Remittance Voucher for each check.  Deliver to the Office of the Bursar for transmittal to the bank.
      2. The Office of the Bursar will submit the check(s) to the bank for collection and will post the amount received to the department’s account when the proceeds (U.S. dollars) are remitted back to the University.  The collection process for foreign checks may take several weeks to complete.
      3. The actual proceeds (U.S. dollars) will be based on any bank collection charge and the exchange rate at the time the check is presented for collection.
    4. Charitable Gifts

      All charitable gifts to Wright State University are processed through the Office of University Advancement.  Gift checks should never be deposited directly to the Office of the Bursar.  Centralized depositing of charitable gifts ensures proper receipting and acknowledgement of donors.  Without an official University receipt, the donor may not be able to take an IRS tax deduction for the gift amount.  Donor information is recorded in the Banner Advancement Module for historical tracking of the donor’s relationship to Wright State University.  University Advancement uses this database in generation of reports and acknowledgements.

9120.6 Credit Card Transactions

  1. Purpose

    This section defines and outlines University policy with regard to the acceptance, handling and processing of credit card transactions.  Due to the increased risks associated with accepting credit card transactions, the Cardholder Associations (VISA, MasterCard, Discover and AMEX) formed a Payment Card Industry Security Standards Council to develop operating standards for merchants engaged in credit card activity.  As an institution who accepts credit card transactions, Wright State University must comply with the current Payment Card Industry Data Security Standards (PCI DSS).  See APPENDIX D for detailed information on these standards.

  2. Introduction

    The Office of the Bursar is responsible for overseeing merchant credit card accounts for the University.  Departments interested in accepting credit card payments must complete and submit a Cash Collection Center and/or E-commerce Website Application to the Office of the Bursar (see APPENDIX A).  Once approved, each department must develop the necessary procedures and provide training to staff who are involved in this activity in order to comply with this policy as well as the applicable provisions of the Payment Card Industry Data Security Standards.

  3. General Responsibilities for Units Accepting Credit Card transactions

    1. Obtain approval by the Office of the Bursar and, if applicable, CaTS before entering into any merchant credit card contract, acquisition, or replacement of equipment, software, internet provider or wireless device.
    2. Comply with applicable sections of the Payment Card Industry Data Security Standards.
    3. Maintain an Information Security Agreement for employees processing credit cards (see APPENDIX E-for an example).
    4. Establish procedures to prevent access to cardholder data in physical or electronic form including, but not limited to, the following: hard copy or media containing credit card information must be stored in a locked drawer or office; department should establish password protection on computers; visitor sign-in logs, escorts and other means must be used to restrict access to documents, servers, computers, and storage media.
    5. Supervisors including Deans, fiscal officers/business managers and system managers must communicate this Cash Collection Policy to their staff and maintain an Information Security Agreement.  (see APPENDIX E) for all personnel engaged in credit card transactions.
    6. Access to physical or electronic cardholder data must be restricted to individuals whose job requires access.
    7. A unique ID must be assigned to each person with computer access to credit card information.  User names and passwords may not be shared.
    8. Full or partial credit card numbers and three or four digit validation codes (usually on the back of cards) may not be faxed or e-mailed.
    9. Do not store the three or four digit CVV or CVV2 validation code from the credit card, the Personal Identification Number (PIN) or the magnetic stripe information.
    10. Establish appropriate segregation of duties between personnel handling credit card processing, the processing of refunds, and the reconciliation function.
    11. Perform background checks on potential employees who have access to systems, networks, or cardholder data with the limits of Wright State University policy.
    12. Terminals and computers must truncate the credit card number ideally so only the last four digits of the account number are displayed.
    13. The use of imprint machines to process credit card payments is prohibited as they display the full 16 digit credit card number on the customer copy.
    14. If you know or suspect that credit card information has been exposed, stolen, or misused, this incident must be reported immediately to the following departments:
      1. CaTS-complete and send online incident response form at:*
        https://www.wright.edu/cgi-bin/incidentresponse.cgi
      2. Bursar-send fax (937-775-5775) detailing the incident.*

      *(This report must not disclose any credit card numbers, three or four digit validation codes or PIN numbers. It must include a department name and contact number.)

  4. Procedures to Deposit and Report Credit Card Sales

    Charge card transactions are monetary transactions and therefore are subject to the same control and reconciliation policies as cash transactions.  A daily accounting of receipts, from sales or deposits, should be balanced against these electronic transactions.  Charge card sales should be deposited along with any currency, coins, and checks at the Office of the Bursar.  Automatically, the actual funds for charge card transactions are electronically deposited into the University’s bank account and reconciled by the Office of the Bursar.  All personnel authorized to process credit card payments must exercise reasonable care in accepting credit card transactions to reduce card misuse and loss of funds.  Departments should follow the applicable guidelines shown below to deposit and report credit card sales:

    1. Departments using credit card terminals (such as First Data) must print out a Batch Settlement report prior to closing each business day.  After balancing, departments must close and settle the batch on a daily basis.  The Batch Settlement report along with a completed Cash Remittance Voucher will be sent via campus mail or brought to the Office of the Bursar for deposit within two business days.
    2. Departments using TouchNet Payment Gateway for approval of individual credit card transactions must print a Batch Detail Report for that business day. The Batch Detail report along with a completed CRV will be sent via campus mail or brought to the Office of the Bursar for deposit within two business days.
    3. Departments using TouchNet Marketplace U-Pay or U-Store applications are responsible for reconciling payments accepted online to ensure revenue fed correctly to Banner Finance (general ledger).
    4. Charge-backs and rejects of card transactions will be charged to the departmental account.
    5. Bank reports reflecting rejects and charge-backs will be sent to the originating department from the Office of the Bursar.

 

9120.7 Appendices