What are our current initiatives?
Payment Card Operations
- DSO Onboarding: The focus in 2019 will be to develop an onboarding process for Direct Support Organizations (DSO) in regards to a possibly central management of credit card merchant accounts as well as PCI compliance. The first such onboarding and pilot project will be done in collaboration with the UF Foundation. Thereafter, we will continue to socialize the onboarding process with the other DSOs to explain what the university provides and to understand their compliance needs.
- Payment Card Security Awareness Training: The current online training courses TRM100 and TRM150 for payment card security and PCI compliance will be consolidated into one training TRM125, which will need to be taken annually to satisfy a requirement of the Payment Card Industry Data Security Standard (PCI DSS). The rollout of this training is anticipated in late August, 2019.
Human Subject Payments (HSP)
- Expanding HSP Activity: We are working to expand an HSP related activity pilot to utilize the HSP module to provide Visa Prepaid Bank Debit Cards to researchers in the field, allowing them to pay for business expenses where traditional payment methods (cash advance, P-Card, direct payment) do not work.
- myUFL Bank Reconciliation Module: Evaluation of proposals in progress of an Invitation to Negotiate (ITN) for PeopleSoft consulting firm to upgrade the bank reconciliation module.
Petty Cash/Change Funds
- Unannounced Counts/Reviews: Treasury Management will be conducting unannounced counts and reviews of Human Subject Payments (HSP) stipend funds (i.e. cash, gift cards, bank debit cards).
Payment Card Operations
- We would like to start accepting credit cards in our department. What do we need to do to get set up?
- Contact Payment Card Operations at (352) 392-9057 to establish your exact needs (i.e. swiping machine or eCommerce) and request an application form to create a merchant ID or eCommerce account.
- We have a technical issue with our credit card machine. Can you help us?
- For technical, hardware and troubleshooting support concerning PAX terminals contact:
firstname.lastname@example.org or 1-(800) 675-6573
If they should determine that your unit needs to be replaced call Payment Card Operations at (352) 392-9057 to get a quote and to order a replacement machine.
- What should I do if I am compromised?
- Contact the Privacy Office as well as Treasury Management.
Phone: (352) 294-8720
Fax: (352) 627-9052
PO Box 103175
Gainesville, FL 32610-3175
3007 SW Williston Road
Gainesville, FL 32608
Phone: (352) 392-9057
Physical Address: Criser Hall, Room S-113
- Is it OK to process credit card payments on behalf of a customer on my work computer?
Agents of the University are no longer allowed to process credit card transactions on University-owned devices on behalf of customers. The customer must make the online payment using his or her own device.
- Who should I contact to learn more about PCI Compliance at UF?
- Contact Treasury Management, Payment Card Operations:
- Phone: (352) 392-9057
- Email: email@example.com
- Who is required to complete annual credit card security training?
- Annual training is required for personnel processing credit cards in one of the following categories:
- Has access to cardholder data
- Fiscal officer of account in which credit card payments are credited and/or their delegate
- Handles credit card payments as part of their regular job duties.
- How do I get approval to begin accepting credit card payments or to begin using a new credit card processing method?
- Contact Treasury Management, Payment Card Operations:
- Phone: (352) 392-9057
- Email: firstname.lastname@example.org
- How do I process a refund to an eCommerce transaction (IPAY)?
- Download the eCommerce Credit Card Refund, complete, sign, and send to Treasury Management Payment Card Operations for processing.
- What is the Payment Card Industry Data Security Standard (PCI DSS) and to whom does it apply?
- PCI DSS is the result of a collaboration of the major credit card associations to establish a single data security standard designed to protect sensitive cardholder information. Any entity that stores, processes or transmits cardholder data (including credit and debit cards) must comply with PCI DSS requirements.
- Where can I find the PCI Data Security Standards (PCI DSS)?
- PCI DSS requirements are defined by the Payment Card Industry Security Standards Council (PCI SSC). Visit the PSCI SSC website for more information.
- What is meant by ‘cardholder data’? What credit card information can I store?
- Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. When required for business purposes, the following information may be stored:
- Primary Account Number (PAN)
- Cardholder Name*
- Service Code*
- Expiration Date*
*Any of these elements being stored in conjunction with the primary account number must be protected in accordance with PCI DSS requirements. The following information may never be stored subsequent to authorization:
- Full Magnetic Stripe
- Card Validation Code (CVC2/CVV2)
- PIN/PIN Block
- Do departments or units using third-party processors have to be PCI compliant?
- Yes. Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on risk exposure and consequently reduce the effort to validate compliance. However, it does not mean the company can ignore PCI.
- What are the penalties for noncompliance?
- The payment brands may fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream until it eventually hits the merchant. Furthermore,
- Non-compliance can result in fines and remedial efforts that could easily exceed $1 million. Costs include fines, forensic exams, cardholder notifications, setup of a call center, credit monitoring and more costly compliance requirements. The costs would be the responsibility of the merchant.
- Fraud and identity theft are a risk to customers (students, faculty/staff and general public) if a department is non-compliant.
- Breach of cardholder information can result in negative publicity and damage to UF’s reputation.
- The bank will also most likely either terminate your relationship or increase transaction fees.
- What is vulnerability scanning and do I need it to validate compliance?
- If you electronically store cardholder data post authorization or if your processing systems have any internet connectivity, a quarterly scan by a PCI SSC Approved Scanning Vendor (ASV) is required.
- Who can help me make corrections to my deposit?
- Anyone on the Deposit Control team. Contact us through email@example.com or call (352) 392-9057.
- Who can delete a deposit?
- ONLY Treasury Management-Deposit Control can delete a deposit. Please contact our office at (352) 392-9057 or firstname.lastname@example.org and request us to delete the deposit. Include the Deposit Unit and ID.
- When entering a deposit in PeopleSoft, how do I change the accounting date on my deposit?
- Navigate in my UFL to: Main Menu>Accounts Receivable>Payment>Direct Journal Payment> Modify Accounting Entries
- Enter the Deposit Unit and ID
- Click on Search.
- Deselect the Complete box
- Click OK when the warning box is prompted
- Click Save
Navigate to Accounts Receivable>Payment>Direct Journal Payment>Create Accounting Entries
- Select the Deposit control tab
- Change the Accounting Date to the desired date.
- Select the Accounting entries tab
- Select the Complete box
- Click Save
- Why is it important to have the support documentation for the cash and check deposit?
- The support documentation is not required to be attached to the departmental deposit when it is submitted to the University Cashier. However, it provides data necessary for audit and proper identification to the department’s records. Support documentation should provide support for the Cash/Check receipted with a Uniform Cash Receipts (UCR) or a cash register tape. It also includes receipted log information for incoming checks.
- What accounting date should be used for my deposits?
- Cash and Check deposits accounting date is determined by the day the deposits is verified by the TM Cashiers.
- Credit Card accounting date is determined by the settlement date.
- ACH/Wires accounting is determined by the date on the addendum.
- When will my funds be available?
- We budget check all deposits daily, which updates your available balance in Commitment Control.
- Cash and Checks are budget checked after they have been counted and ChartField information validated.
- Credit Cards and ACH/Wires are budget checked daily after they have been verified and logged.
- Why is a voucher number important to include in my deposit of a cash expense refund?
- Refunds related to expenses should always be deposited to the same ChartField from which the original expense was paid. Enter the original voucher number, expense report number, or journal ID number in the reference field of the Journal Reference Information Tab when making the deposit. Treasury Management must verify the ChartField information on the original expense against the ChartFields in the deposit.
- How do I order a locked bag?
- Orders should be sent via email to the University Cashier’s Office and should include the chart field string. The order will be placed by the University Cashier Office and then followed up with an email once the bag is available for pickup and what the current charges will be for the bag.
ACH, EFT and Wires
- How do I send a bank wire?
- The bank wire form is located on the Treasury Management website. This must be completed in full. There must be an approved voucher in the AP system for a wire to be released. Fax the wire form and backup to 846-3576 as well as to AP imaging. If you are sending funds to a foreign vendor for the first time you must contact Tax Services for approval.
- Can I send a wire in a foreign currency?
- Yes. The amount on the bank wire form should be the amount of the foreign currency you wish to send. Your voucher will be in the equivalent amount of USD. You can do a currency exchange calculation at XE.com. Keep it mind that this site is a wholesale site and the final amount of the wire in USD will usually be greater than the voucher. We will have the voucher amount corrected at the time of the wire being issued.
Human Subject Payment (HSP) System
- What is the Human Subject Payment (HSP) system?
- The Human Subject Payment system is a myUFL module that allows researchers or their study team members to request payments for research participants (such as prepaid Visa cards, gift cards, cash), and provides a secure method of recording those payments.
- Who’s affected?
- Anyone who pays research participants (other than in-kind payments, or Mechanical Turk payments) will need to use the HSP system.
- Is this required?
- Yes, anyone who pays research participants is required to use the HSP system.
- When will it be required?
- All payments to research participants should go through the new HSP system beginning July 14, 2014.
- What security role(s) will I need?
- That depends on what tasks you will perform. Please see the Security section for more information.
- What types of payments are authorized to pay research participants?
- Prepaid Visa cards, gift cards and cash are available through the HSP system. Checks are not an authorized form of payment.
- Are prepaid Visa cards and gift cards the same as cash?
- Yes. Prepaid Visa cards are initially unloaded and the study custodian will load the card(s) with funds. Gift cards are fully funded.
- What authorized suppliers can I use if I want gift cards?
- The university has corporate accounts with Walmart, Publix, Target, Amazon, and Starbucks. Treasury Management will make these purchases for you. Electronic gift cards (eGift cards that can be emailed) are available through Amazon, Starbucks, and Walmart as well; however, please keep in mind that eGift cards cannot be returned to Treasury for credit to the study if not used. Other suppliers may be considered based on study requirements.
- How long will it take to receive prepaid Visa cards or supplier gift cards?
- Prepaid Visa cards require 1-2 days for processing by Treasury before the study custodian will be able to pick the cards up. Treasury will notify the custodian when cards are available for pickup. Prepaid Visa cards are unloaded and it may take up to 48 hours for any funds to appear on the card. Vendor gift cards (i.e. Walmart, Publix, and Amazon) must be ordered from the supplier and delivery can take 1-2 weeks from the date ordered, depending on shipping.
- Where should I pick-up the gift cards?
- The custodian will need to come to Treasury Management in Criser Hall to pick-up the cards.
- Can I still purchase gift cards with personal funds and be reimbursed?
- No, all gift cards (and prepaid Visa cards) are purchased through the HSP system. You should not continue to purchase gift cards and expect to be reimbursed.
- What if I have a study that was opened prior to HSP and have leftover gift cards? Will Treasury Management buy back the gift cards?
- No. Treasury will not buy back any gift cards from studies prior to HSP. Treasury will only buy back gift cards that Treasury purchased for a study in HSP.
- When will the funding source get charged?
- Cost centers will be charged on a regular basis, generally once a week, by Treasury Management using journal entries. Please be sure there is adequate budget to cover purchases as billings are processed in batches for entire university research population.
- What if I’m just requesting a check?
- Check are not an authorized payment method and should not be used to pay research study participants.
- Do I need to go through the system if I’m paying in-kind?
- No. The system is only for cash and cash-equivalent type payments (i.e. prepaid Visa cards and gift cards). In-kind payments of goods (i.e. diapers, toothbrushes, tote bags) do not qualify.
- Whom can I contact?
- Contact Treasury Managements HSP team either by email, Treasury-HSP@admin.ufl.edu or by phone at 352-392-9057.
- Do payment types (gift cards, cash, etc.) purchased prior to July 14, 2013 need to be recorded in the HSP module?
- No. Payment types purchased by the department or investigator before July 14, 2013, should not be entered into the HSP system. Only new payments obtained through HSP will be captured.
- Which number do I use on a receipt or log to record Prepaid Visa Card distribution?
- There is a Proxy ID number located in the top of section the envelope window. This is not the 16-digit card number the participant sees.
- Should the participant activate their prepaid Visa cards?
- Yes. When the card is given to the participant the card holder must activate their prepaid card by contacting Bank of America customer service team.
- What should I do if a participant loses a card?
- The answer depends on whether the lost/misplaced card is a prepaid Visa card or a gift card (i.e. Walmart, Publix, etc). If the lost card is a prepaid Visa card, then the participant can report the card lost to Bank of America and request a replacement card for a fee. If the lost card is a gift card, then the card is essentially “gone” and the study custodian will need to determine whether or not to replace the gift card.
- If the study payments are logged in the HSP system, do I still need to obtain a participant’s signature?
- Yes. The study custodian will need to keep a record, either by receipt or a log, which includes the name of the participant, the payment identification number (e.g. gift card number, proxy ID number, receipt number, etc.), and the participant’s signature.