What are our current initiatives?
Payment Card Operations
- DSO Onboarding: The focus in 2019 will be to develop an onboarding process for Direct Support Organizations (DSO) in regards to a possibly central management of credit card merchant accounts as well as PCI compliance. The first such onboarding and pilot project will be done in collaboration with the UF Foundation. Thereafter, we will continue to socialize the onboarding process with the other DSOs to explain what the university provides and to understand their compliance needs.
- Payment Card Security Awareness Training: The current online training courses TRM100 and TRM150 for payment card security and PCI compliance will be consolidated into one training TRM125, which will need to be taken annually to satisfy a requirement of the Payment Card Industry Data Security Standard (PCI DSS). The rollout of this training is anticipated in late August, 2019.
Human Subject Payments (HSP)
- Expanding HSP Activity: We are working to expand an HSP related activity pilot to utilize the HSP module to provide Visa Prepaid Bank Debit Cards to researchers in the field, allowing them to pay for business expenses where traditional payment methods (cash advance, P-Card, direct payment) do not work.
- myUFL Bank Reconciliation Module: Evaluation of proposals in progress of an Invitation to Negotiate (ITN) for PeopleSoft consulting firm to upgrade the bank reconciliation module.
Petty Cash/Change Funds
- Unannounced Counts/Reviews: Treasury Management will be conducting unannounced counts and reviews of Human Subject Payments (HSP) stipend funds (i.e. cash, gift cards, bank debit cards).
Payment Card Operations
- We would like to start accepting credit cards in our department. What do we need to do to get set up?
- Contact Payment Card Operations at (352) 392-9057 to establish your exact needs (i.e. swiping machine or eCommerce) and request an application form to create a merchant ID or eCommerce account.
- We have a technical issue with our credit card machine. Can you help us?
- For technical, hardware and troubleshooting support concerning PAX terminals contact:
email@example.com or 1-(800) 675-6573
If they should determine that your unit needs to be replaced call Payment Card Operations at (352) 392-9057 to get a quote and to order a replacement machine.
- What should I do if I am compromised?
- Contact the Privacy Office as well as Treasury Management.
Phone: (352) 294-8720
Fax: (352) 627-9052
PO Box 103175
Gainesville, FL 32610-3175
3007 SW Williston Road
Gainesville, FL 32608
Phone: (352) 392-9057
Physical Address: Criser Hall, Room S-113
- Is it OK to process credit card payments on behalf of a customer on my work computer?
Agents of the University are no longer allowed to process credit card transactions on University-owned devices on behalf of customers. The customer must make the online payment using his or her own device.
- Who should I contact to learn more about PCI Compliance at UF?
- Contact Treasury Management, Payment Card Operations:
- Phone: (352) 392-9057
- Email: firstname.lastname@example.org
- Who is required to complete annual credit card security training?
- Annual training is required for personnel processing credit cards in one of the following categories:
- Has access to cardholder data
- Fiscal officer of account in which credit card payments are credited and/or their delegate
- Handles credit card payments as part of their regular job duties.
- How do I get approval to begin accepting credit card payments or to begin using a new credit card processing method?
- Contact Treasury Management, Payment Card Operations:
- Phone: (352) 392-9057
- Email: email@example.com
- How do I process a refund to an eCommerce transaction (IPAY)?
- Download the eCommerce Credit Card Refund, complete, sign, and send to Treasury Management Payment Card Operations for processing.
- What is the Payment Card Industry Data Security Standard (PCI DSS) and to whom does it apply?
- PCI DSS is the result of a collaboration of the major credit card associations to establish a single data security standard designed to protect sensitive cardholder information. Any entity that stores, processes or transmits cardholder data (including credit and debit cards) must comply with PCI DSS requirements.
- Where can I find the PCI Data Security Standards (PCI DSS)?
- PCI DSS requirements are defined by the Payment Card Industry Security Standards Council (PCI SSC). Visit the PSCI SSC website for more information.
- What is meant by ‘cardholder data’? What credit card information can I store?
- Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. When required for business purposes, the following information may be stored:
- Primary Account Number (PAN)
- Cardholder Name*
- Service Code*
- Expiration Date*
*Any of these elements being stored in conjunction with the primary account number must be protected in accordance with PCI DSS requirements. The following information may never be stored subsequent to authorization:
- Full Magnetic Stripe
- Card Validation Code (CVC2/CVV2)
- PIN/PIN Block
- Do departments or units using third-party processors have to be PCI compliant?
- Yes. Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on risk exposure and consequently reduce the effort to validate compliance. However, it does not mean the company can ignore PCI.
- What are the penalties for noncompliance?
- The payment brands may fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream until it eventually hits the merchant. Furthermore,
- Non-compliance can result in fines and remedial efforts that could easily exceed $1 million. Costs include fines, forensic exams, cardholder notifications, setup of a call center, credit monitoring and more costly compliance requirements. The costs would be the responsibility of the merchant.
- Fraud and identity theft are a risk to customers (students, faculty/staff and general public) if a department is non-compliant.
- Breach of cardholder information can result in negative publicity and damage to UF’s reputation.
- The bank will also most likely either terminate your relationship or increase transaction fees.
- What is vulnerability scanning and do I need it to validate compliance?
- If you electronically store cardholder data post authorization or if your processing systems have any internet connectivity, a quarterly scan by a PCI SSC Approved Scanning Vendor (ASV) is required.
- Who can help me make corrections to my deposit?
- Anyone on the Deposit Control team. Contact us through firstname.lastname@example.org or call (352) 392-9057.
- Who can delete a deposit?
- ONLY Treasury Management-Deposit Control can delete a deposit. Please contact our office at (352) 392-9057 or email@example.com and request us to delete the deposit. Include the Deposit Unit and ID.
- When entering a deposit in PeopleSoft, how do I change the accounting date on my deposit?
- Navigate in my UFL to: Main Menu>Accounts Receivable>Payment>Direct Journal Payment> Modify Accounting Entries
- Enter the Deposit Unit and ID
- Click on Search.
- Deselect the Complete box
- Click OK when the warning box is prompted
- Click Save
Navigate to Accounts Receivable>Payment>Direct Journal Payment>Create Accounting Entries
- Click the Delete button (“X” next to the lightning bolt icon)
- Click Save
Navigate to Accounts Receivable>Payments>Online Payments>Regular Deposit
- Select the Totals control tab
- Change the Accounting Date to the desired date.
- Click the Payments tab
- Click the Save button
- Click the Apply Payments link
- Click the Create button (lightning bolt)
- Click the Complete box
- Click the Save button
- Why is it important to have the support documentation for the cash and check deposit?
- Support documentation is now required to be attached to the departmental deposit when it is submitted to the University Cashier. Documents should support the purpose of the deposit and the fund and account code used in the Chartfield string. A good rule of thumb is to ask “What would help someone else understand this deposit?” Examples of uploaded documents would be an invoice, sales receipt, statement, cash expense refund form, check log, remittance advice, EFT addendum, etc.
- What accounting date should be used for my deposits?
- Cash and Check deposits accounting date is determined by the day the deposits is verified by the TM Cashiers.
- Credit Card accounting date is determined by the settlement date.
- ACH/Wires accounting is determined by the date on the addendum.
- When will my funds be available?
- We budget check all deposits daily, which updates your available balance in Commitment Control.
- Cash and Checks are budget checked after they have been counted and ChartField information validated.
- Credit Cards and ACH/Wires are budget checked daily after they have been verified and logged.
- Why is a voucher number important to include in my deposit of a cash expense refund?
- Refunds related to expenses should always be deposited to the same ChartField from which the original expense was paid. Enter the original voucher number, expense report number, or journal ID number in the reference field of the Journal Reference Information Tab when making the deposit. Treasury Management must verify the ChartField information on the original expense against the ChartFields in the deposit.
- How do I order a locked bag?
- Orders should be sent via email to the University Cashier’s Office and should include the chart field string. The order will be placed by the University Cashier Office and then followed up with an email once the bag is available for pickup and what the current charges will be for the bag.
ACH, EFT and Wires
- How do I send a bank wire?
- The bank wire form is located on the Treasury Management website. This must be completed in full. There must be an approved voucher in the AP system for a wire to be released. Fax the wire form and backup to 846-3576 as well as to AP imaging. If you are sending funds to a foreign vendor for the first time you must contact Tax Services for approval.
- Can I send a wire in a foreign currency?
- Yes. The amount on the bank wire form should be the amount of the foreign currency you wish to send. Your voucher will be in the equivalent amount of USD. You can do a currency exchange calculation at XE.com. Keep it mind that this site is a wholesale site and the final amount of the wire in USD will usually be greater than the voucher. We will have the voucher amount corrected at the time of the wire being issued.
Human Subject Payment (HSP) System
- What is the Human Subject Payment (HSP) system?
- The Human Subject Payment system is a myUFL module that allows researchers or their study team members to request payments for research participants (such as prepaid debit cards) and provides a secure method of recording those payments.
- Is this required?
- Yes, anyone who pays research participants (other than in-kind payments, mechanical turk payments, or Prolific Academic payments) is required to use the HSP system.
- Can I purchase gift cards with personal funds to pay human subject participants?
- No, all payment types are purchased through the HSP system.
- What security role(s) will I need to access the HSP system?
- That depends on what tasks you will perform. Please see the Overview, Training & Security Roles section for more information.
- I’ve completed all the required trainings and I still cannot access the HSP Module in myUFL. What do I do?
- Ensure that you have the appropriate HSP security roles assigned to you. Active security roles can be viewed via myUFL > Main Menu > My Account > My Roles. If you do not have the required security roles, they will need to be requested in myUFL by your Department Security Administrator (DSA) and approved before access is granted.
- Can I list myself as the study PI, Department Contact and Custodian?
- We recommend that studies have at least 3 people with active HSP security roles assigned to the study team in case changes need to be made to the study in the absence of the primary point of contact (Custodian).
- I am unable to add my PI/study team member to the HSP Study Fund Request (SFR) page. What do I do?
- Ensure that they have the appropriate HSP security roles assigned to them. Active security roles can be viewed via myUFL > Main Menu > My Account > My Roles. If they do not have the required security roles, they will need to be requested in myUFL by your Department Security Administrator (DSA) and approved before the SFR can be updated.
- I am searching for a Study Fund Request/IRB protocol in HSP and I cannot find it. Why?
- The most common reasons this occurs are:
- The study has not yet been created in the HSP system
- The study has not been approved by Treasury Management
- You are not listed as a member of the study team
- The HSP request is closed
Please contact HSP at Treasury-HSP@admin.ufl.edu for assistance.
- What types of payments are authorized to pay research participants?
- Prepaid debit cards and gift cards (physical and electronic) are available through the HSP system. Prepaid debit cards are not loaded until payments are recorded in the HSP Payment Log, and gift cards are preloaded with a specified value. Please see the HSP Toolkits for more information about requesting these payment types.
- Can I pay a human subject participant with a check?
- No. Checks are not an authorized payment method and should not be used to pay research study participants.
- Are in-kind payments required to be recorded in the HSP system?
- No. The HSP system is only required for cash and cash-equivalent payment types (i.e. prepaid debit cards and gift cards). In-kind payments of goods (i.e. diapers, toothbrushes, tote bags) do not qualify.
- If I want to pay human subject participants with gift cards, what authorized suppliers are available?
- The University’s authorized suppliers are Walmart, Publix, Target, Amazon, and Starbucks. Electronic gift cards (eGift cards that can be emailed) are available through Amazon and Starbucks. Please be aware that electronic gift cards cannot be returned to Treasury Management for credit. Treasury Management will make these purchases for you.
- I cannot submit my SFR because the system says my IRB Protocol Number is expired. What do I do?
- Please send the IRB approval letter indicating the approval status to Treasury Management (Treasury-HSP@admin.ufl.edu) and we will override the expiration date for you so you can submit your request.
- How long will it take to receive prepaid debit cards or gift cards from Treasury Management?
- Prepaid debit cards require 2-3 business days for processing before they are available for pickup.
- Gift cards (i.e. Walmart, Publix, and Amazon) will be ordered from the supplier and delivery can up to 2 weeks from the date Treasury Management places the order.
- Electronic gift cards will be ordered from the supplier and require 3-5 business days for processing.
Treasury Management will notify the custodian when the order is available for pickup.
- Where should I pick up my order?
- Physical cards will need to be picked up from Treasury Management by the study Custodian.
- Electronic gift cards will be provided to the study Custodian via email when processing is completed.
- When will the funding source get charged?
- Cost centers will be charged when prepaid debit cards are loaded, generally in 2-3 business days.
- Charges for gift card orders are generally processed in 2-3 business days from the time the cards are picked up by the Custodian.
Since Treasury Management does not encumber funds, please be sure there is adequate budget to cover purchases as billings are processed in batches for the entire university’s research population.
- Where do I record HSP participant payments?
- Payments are recorded in the HSP Payment Log in myUFL. (Main Menu > Financials > UF Human Subject Payments > Payment Log) Participants must be registered to the study before a payment can be issued. Please be aware that payments to Non-Resident Aliens (NRAS) must be processed through UF Payroll Services. More information about providing payments to Foreign Nationals or NRAS can be found on the Payroll Services website.
- Which number do I use on a receipt or log to record prepaid debit card distribution?
- There is a 19-digit Proxy ID number located in the top section of the envelope window. This is not the 16-digit card number the participant sees. The proxy ID begins with a sequence of nine leading zeros and should be used to identify and record the cards. The 16-digit card number should not be known to anyone except the participant.
- I issued a payment incorrectly in the HSP Payment Log. What should I do?
- Please contact HSP at Treasury-HSP@admin.ufl.edu for assistance.
- Gift card payments can generally be removed from the Payment Log.
- Payments processed to prepaid debit cards are not reversible.
- Does the participant need to activate their prepaid debit card?
- Yes. When the card is funded the participant must activate it before it can be used. Prepaid debit cardholders (participants) will need to call the Bank of America customer service number on the insert within the envelope to complete activation (1-866-213-8564).
- What should I do if a participant loses a card?
- The answer depends on whether it is a prepaid debit card or a gift card (i.e. Walmart, Publix, etc.).
- If the lost card is a prepaid bank card, then the participant can report it to Bank of America and request a replacement card for a fee.
- If the lost card is a gift card, then the card is essentially “gone”, and the study administrators will need to determine whether or not to replace the gift card.
- Do I need to obtain a participant’s signature at the time of payment?
- Yes. In addition to recording the payment on the HSP Payment Log in myUFL, the study team will need to keep a record of cards issued. This can be accomplished with a receipt or log that includes the participant’s name, signature, the payment identification number assigned (gift card number, proxy ID number, or receipt number), and date of issuance.
- What happens when the study ends?
- Study coordinators must reconcile payment activity, return unused payment types to Treasury Management, and request closure of the SFR within 60 days of IRB protocol expiration date or conclusion of the study, whichever comes first. More information on closing a study fund request can be found in the HSP Toolkits.
- Where can I find step by step instructions for common HSP processes?
- The HSP Toolkits are an excellent resource to reference when working in the HSP module. They can be found in the Financial Toolkits section on the UF Learn and Grow HR website.
- Whom can I contact?
- Contact Treasury Management’s HSP team either by email (Treasury-HSP@admin.ufl.edu), or by phone at 352-392-9057 .