Skip to Search Skip to Navigation Skip to Content

Section 11: Cash and Investments

CASH HANDLING AND MANAGEMENT

Effective Date:

02/02/09

Approved By:

Kerry Kennedy, Vice President, Business Affairs

Last Revised On:

11/08/13

For Assistance Contact:

Director of Financial Services and University Bursar: 210-458-4221
Associate Vice President, Financial Affairs

PURPOSE/SCOPE

Under this guideline, cash is defined as currency, checks and credit cards unless otherwise specified.

The proper handling of cash is a necessary control function. Supervisory personnel must monitor constantly to detect any control weaknesses and should obtain explanations for fluctuations.

AUTHORITY

Authority is provided by the University of Texas System Administration Policy – UTS166 – Cash Management and Cash Handling Policy.

When a department receives authorization to accept cash payment for services, the department head is responsible for adhering to this guideline and assuring all employees are properly trained.


UNIVERSITY GUIDELINES

Table of Contents

A. Requesting Approval to Accept Payments on Behalf of UTSA

A department head must request authorization to accept payments — in the form of currency, checks and/or credit cards — on behalf of UTSA by submitting the following forms to the Office of Financial Services and University Bursar:

Any employee authorized to handle or accept currency, checks or credit cards on behalf of UTSA must attend the Cash Handling 101 (AM 560) training class. See TXCLASS for more information, including registration.

If the department head or any authorized cash handlers change, updates must be promptly submitted to the Office of Financial Services and University Bursar. Changes to authorized cash handlers may be submitted via e-mail, but changes to the department head must be evidenced by resubmission of the Department Cash Handling Request and Departmental Cash Handling Security Policy forms.

B. UTSA-Designated Credit Card Processor

Global Payments Direct Inc. is the firm under contract with UT System for processing all credit card transactions on behalf of UTSA, including authorization and settlement.

A department head must request approval from the Office of Financial Services and the University Bursar before accepting credit card payments on behalf of UTSA. See Requesting Approval to Accept Payments on Behalf of UTSA for more information.

After review and approval, the form is forwarded to Accounting Services to obtain merchant ID/account numbers for the requesting department, if applicable.

NOTE: It may take up to several weeks to establish a merchant account.

Departments must use a credit card processing system that is certified by UTSA's credit card processor.

Any exceptions to the use of Global Payments as credit card processor must be approved by the Chief Business Officer (CBO).  A memo detailing the requirement to use another vendor and the benefit to UTSA must be submitted to the Director of Financial Services and University Bursar to be considered.  Exceptions will not be considered unless a significant benefit to UTSA or contractual obligation to use another vendor is shown.

1. Establishing a new credit card merchant account

A merchant ID/account is required for departments requesting to process credit card transactions via dedicated credit card terminals or online with a third-party vendor. Requests must be submitted using the Departmental Cash Handling Request Form.

NOTE: Departments electing to process credit card payments via Fiscal Services are not required to establish a merchant ID/account number. However, this determination is based on recommendations of the Director of Financial Services and the University Bursar.

    Accounting Services coordinates all account and merchant ID/account setup — as well as hardware purchases with UTSA’s designated credit card processor.

C. Departmental Responsibilities

The department head is responsible for assuring that the following internal controls are in place prior to accepting cash, checks and/or credit cards:

  1. Adequate segregation of duties: An employee may not be responsible for more than one of the following cash handling roles:

    • Cash, check and/or credit card collection

    • Deposit preparation

    • Maintaining accounting records

    • Reconciliation

  2. Cash register tapes or logs must be completed and attached to deposits on a routine basis to ensure that all income is being deposited.

  3. Income in the departmental accounting system should be reconciled with the DEFINE Statement of Account.

  4. Income trends must be analyzed to determine whether actual income matches expected income.

  5. Procedures must be implemented to ensure security of credit card numbers and expiration dates, as required for PCI compliance. This sensitive data should be destroyed after successful completion of the credit card transaction and should not be accessible to employees not directly involved in the processing of the transactions.

D. Documentation File

Once a department receives approval to accept payments on behalf of UTSA, a file must be created and maintained that includes:

  • An authorization for each petty cash fund used by the department, if applicable.
    NOTE: Fiscal Services is responsible for approving appropriate petty cash fund requests.

  • A copy of the Departmental Cash Handling Security Policy.
    NOTE: The Internal Audit Office may review this document periodically.

  • Validation that affected employees have read this guideline and have attended Cash Handling training.


E. Identification (checks and credit cards only)

One form of identification must be obtained by departmental personnel when accepting a check or credit card payment in-person. Acceptable ID is as follows:

  • UTSA ID card

  • Valid Texas State ID or driver’s license that contains a photo of the check issuer or credit card holder.

  • Valid out-of-state issued ID or driver’s license that contains a photo of the check issuer or credit card holder.

F. Records Retention

In accordance with the institutional Record Retention schedule, all paper and electronic records must be retained in a secure location for the current fiscal year and the prior three fiscal years. Department heads should shred or destroy such records that are older than we are required to retain.

Departmental procedures for destruction of physical and electronic documents must be documented on the Departmental Cash Handling Security Policy and must be on file with the Office of Financial Services and University Bursar.

    NOTE:

    • Departments may photocopy checks for retention, however, the routing and account number (printed on the bottom of the check) must be removed as it creates a risk of unauthorized use of account information.
    • Under no circumstances should credit card numbers and expiration dates be maintained on any retained documentation. Customer credit card numbers and expiration dates should only be kept until the transaction is successfully completed. Simply concealing the numbers with a marker or by other means is not sufficient and the department must ensure that they are destroyed or removed from any forms retained.

G. Credit Card Payment Processing Methods

Departments can select one of the following credit card payment processing methods depending on their anticipated transaction volume, credit card acceptance method, credit card type and related processing fees. All methods require authorization from the Office of Financial Services and University Bursar prior to setup.

NOTE: Departments may use the Credit Card Processing Methods — Quick Reference Chart to help determine the most appropriate credit card processing method.

1. Fiscal Services

Departments that process up to 50 credit card transactions per event/month may elect to process credit card payment using the Fiscal Services processing method, which involves providing credit card transaction information — using the Credit Card Payment Form — to be processed on Fiscal Services dedicated credit card terminals.

Also, departments may bill the credit card discount charge to the credit card holder or to a departmental M&O account, except for Visa transactions.

NOTE: Visa prohibits the credit card discount charge to be billed to the cardholder. FSO must bill the credit card discount charge to the departmental M&O account.

No merchant ID setup is required for this option, but departments remain responsible for destroying all retained records of the credit card number and expiration date.

2. Dedicated credit card terminal (Point-of-Sale/POS)

A department head may purchase dedicated credit card terminal(s) to process credit card transactions. Credit card terminal purchases are coordinated with Accounting Services and all related fees will be charged to a departmental account.

A department head is responsible for the physical and electronic security of credit card information, costs associated with credit card transactions and following established accounting and cash handling procedures when using this payment processing method.

The department must purchase a terminal and printer. The terminal requires a power source and a dedicated phone line.

A department head is responsible for security of their dedicated credit card terminals and must ensure they are operated and stored in a secure environment. Criminals are actively targeting vulnerable merchant terminals to steal credit card data for fraud purposes. At a minimum, departmental personnel must track and routinely inspect their dedicated credit card terminals, ensuring that unauthorized persons cannot access these machines — both during business hours and when the university is closed. If a dedicated credit card terminal is missing/stolen or if it is suspected of being tampered with, contact the Director of Financial Services and University Bursar immediately.

3. Online with third-party vendor

A department head may request the third-party vendor processing method when accepting credit card payments online — for example, via a department website.

Set up of a third-party vendor for the online payment acceptance method is subject to normal purchasing regulations. Departments are responsible for the physical and electronic security of credit card information, costs associated with credit card transactions and following established accounting and cash handling procedures when using this payment processing method.

All third-party internet processors must be certified with Global Payments Direct Inc. and remittances must be routed to Global Payments Direct Inc., rather than directly to a UTSA bank account.

Any exceptions to the use of Global Payments as credit card processor must be approved by the Chief Business Officer (CBO).  A memo detailing the requirement to use another vendor and the benefit to UTSA must be submitted to the Director of Financial Services and University Bursar to be considered.  Exceptions will not be considered unless a significant benefit to UTSA or contractual obligation to use another vendor is shown.

NOTE: Typically, these vendors will charge a setup fee, monthly or transaction fees, a percentage of sales, or combinations of each.

Third party vendors must also be certified as compliant with Payment Card Industry Data Security Standards (PCI DSS). Departments must ensure that the contract includes language wherein the vendor acknowledges their responsibility for security of UTSA credit card information in compliance with PCI DSS.

Department heads who allow other units within their divisional reporting structure to use their third-party vendor or website are responsible for ensuring that the using department and their cash handlers have attended the Cash Handling 101 (AM560) training class and are familiar with all credit card PCI compliance issues. The department head that "owns" the merchant ID or website is responsible for adherence with all cash handling regulations, including submission of the deposit and settlement information to Fiscal Services.


H. Credit Card Related Fees

Department heads are responsible for all costs associated with credit card processing, including but not limited to, setup fees, monthly maintenance fees, bank fees, credit card discount charges, and per transaction fees. See Credit Card Discount Charges and Fees for more information and a list of current fees.

1. Credit card discount charge

A credit card discount charge is a percentage of total sales that a merchant pays to a credit card company (for example, MasterCard) each time the merchant accepts a credit card payment. Discount charges vary by credit card company (for example, MasterCard, Visa, American Express, Discover) and by classification of merchant department.

NOTE: Card-absent transactions — transactions where the credit card is not physically present — may be charged a slightly higher discount charge.

The credit card discount charge is billed monthly for each credit card type and is based on each department’s selected payment processing method:

Payment Processing Method Credit Card Discount Charge

Dedicated credit card terminal and online with third-party vendor

Credit card discount charges are automatically charged to the department’s M&O account (provided to Accounting Services via Departmental Cash Handling Request Form).

Fiscal Services

Appropriate department personnel determine whether to charge the discount charge to the cardholder or to their M&O account, except for Visa transactions. Visa prohibits the credit card discount charge to be billed to the cardholder. FSO must fill the departmental M&O account.

NOTE: Credit cards must be charged only once for the total sale, including the discount charge.

  • Billed to department M&O account: M&O account must be referenced on the Deposit Transmittal Form.


2. Dedicated credit card terminal fees

Dedicated credit card terminals must be purchased by departments that elect to process credit card payments via a dedicated credit card/Point-of-Sale terminal.


I. Payment Card Industry (PCI) Credit Card Compliance

Departments must keep copies of all credit card information confidential and protected from misuse in compliance with the Payment Card Industry Data Security Standards (PCI DSS). Annually, all departments who accept and process credit card payments must validate that their acceptance processes comply with PCI standards by completing applicable Self-Assessment Questionnaires (SAQ) in conjunction with the Office of Financial Services and University Bursar.

PCI Data Standards are the responsibility of each department that accepts credit card payments. Severe penalties for non-compliance that results in the compromise of UTSA’s customers’ credit card information could result in monetary penalties and costs and/or suspension of UTSA’s authority to accept credit card payments.

The Office of Financial Affairs and University Bursar will periodically review departmental processes related to credit card security, acceptance and processing. Departments who are discovered to be out of compliance with PCI Data Standards may have their ability to accept credit cards removed and any applicable merchant IDs revoked. Revocation of authority to accept credit cards can result from failure to comply with the PCI Data Standards below, or failure to complete the annual Self-Assessment Questionnaire (SAQ).

  • Build and Maintain a Secure Network

    • Install and maintain a firewall configuration to protect cardholder data

    • Do not use vendor-supplied defaults for system passwords and other security parameters

  • Protect Cardholder Data

    • Protect stored cardholder data

    • Encrypt transmission of cardholder data across open, public networks

  • Maintain a Vulnerability Management Program

    • Use and regularly update anti-virus software

    • Develop and maintain secure systems and applications

  • Implement Strong Access Control Measures

    • Restrict access to cardholder data by business need-to-know

    • Assign a unique ID to each person with computer access

    • Restrict physical access to cardholder data

  • Regularly Monitor and Test Networks

    • Track and monitor all access to network resources and cardholder data

    • Regularly test security systems and processes

  • Maintain an Information Security Policy

    • Maintain a policy that addresses information security


DEFINITIONS

Term Definition

Authorization

A request from a merchant to charge a credit card - the credit card is not actually charged until the authorization is settled.

Bank Credit Transactions

Each settlement (closeout) of a credit card batch creates a credit transaction to the bank.  Since batches must be settled daily, there will be a bank credit transaction for any day a credit card payment is received and processed.

Chargeback

A customer-initiated procedure to contest a charge. Merchants are generally given less than 10 days to produce evidence that the charge against the customer's credit card was valid. If this evidence cannot be provided, the funds are taken from the merchant and credited to the customer. Chargeback’s are very difficult to refute for purchases made over the web, because the card holder's signature is never obtained.

Credit

Canceling a credit card transaction that has been authorized and settled.

Credit Card Discount Charge

A fee that is billed by a credit card company to a merchant each time a transaction is processed. The discount charge differs and is based on how the transaction is processed (for example, card swipe, online or via manual entry).
See Credit card discount charge for more information.

Credit Card Security Code (CVC/CVV/CID)

A three or four-digit code printed on the front (or back) of a credit card. It must be obtained to further identify if a credit card is physically present during a transaction that occurs:  

  • Over the Internet

  • By mail

  • By fax

  • Over the phone

Gross Sales

The total dollar amount of all sales.

Merchant

A department that has been authorized to accept credit card payments on behalf of UTSA. For the purposes of the PCI DSS, a merchant is defined as any entity that accepts payment cards bearing the logos of any of the five members of PCI SSC (American Express, Discover, JCB, MasterCard or Visa) as payment for goods and/or services. 

 

Merchant ID/account number

An account used to identify credit card payments that are processed by a specific department.

Merchant ID/accounts are required for departments that elect to process credit card payments using dedicated credit card terminals or a third-party vendor (for online payments).

Privacy Policy

A statement published on a web site that explains what is done with the information provided by the customer. This statement should notify the customer if the information provided is being made available for use beyond the service being sold.

Sales Tax

A tax on the sale of taxable tangible personal property and taxable services within the State of Texas.

For more information see Sales Tax, a section of FMOG - Processing Cash Payments.

Settlement

A procedure in which a merchant requests that some or all authorized transactions be processed by a credit card processor. This processing includes charging the customer's credit card and transferring the money owed to the merchant.

Void

Canceling a credit card transaction that has been authorized, but not settled. See also Credit.

REFERENCES/LINKS

RELATED FORMS/WORKSHEETS

  1. Cash Handling Request Form

  2. Departmental Cash Handling Security Policy

  3. Deposit Transmittal Form

  4. Credit Card Processing Methods — Quick Reference Chart

  5. Credit Card Payment Form

  6. Credit Card Discount Charges and Fees

  1. UTSA Check Register


REVISION HISTORY

Date Description

11/08/2013

Added exception when we started using TicketMaster at UTSA.

05/11/12

Added process for notifying the Office of Financial Services and University Bursar when a department head or any authorized cash handler changes to the Requesting Approval to Accept Payments on Behalf of UTSA section.

09/19/11

Added second certification requirement for all third-party internet processors. Departments must also ensure vendors are certified as compliant with Payment Card Industry Data Security Standards (PCI DSS).

02/21/11

  • Departments should shred documents that no longer need to be retained.

  • Departments cannot retain any documents that contain credit card numbers and expiration dates.

  • Added department head responsibilities for the security of their dedicated credit card terminals.

  • Added departmental responsibilities when allowing other units within their divisional reporting structure to use their online third-party vendor.

  • Departments that accept and process credit card payments must annually validate that their acceptance processes comply with PCI Standards.

  • Departments that are out of compliance with PCI Data Standards may be penalized, or may no longer be authorized to accept credit card payments on behalf of UTSA.

02/26/10

All employees authorized to handle or accept currency, checks or credit cards on behalf of UTSA must attend the Cash Handling 101 (AM 560) training class.

06/11/09

Update to format.

02/02/09

Departments must obtain approval by The Office of Financial Services and University Bursar before accepting cash or checks on behalf of UTSA. If checks are photocopied, the customer account and routing numbers must be removed. Deposit transmittal forms must be countersigned by a supervisor.


In All We Do, We Do With Excellence - Every Person - Every Day - Every Job