Accounting Services Section (ACT)
Effective Date: 08/01/2006
Last Modified Date: 04/19/2007
Related Policies: Credit Card Merchant Services
Responsible University Officers: University Controller and Assistant Vice Chancellor for Enterprise Applications, ITS
Responsible Units: Accounting Services, Cashier's Office, Controller's Office, ITS
In support of the Credit Card Merchant Services policy, the following procedures are included.
1. Application Forms: Application forms necessary for approval to accept credit card payments and to set up a merchant account can be obtained by contacting the Cash Manager in Accounting Services. The Cash Manager will assist the department with the completion of the required application forms.
2. Service Level Agreements: The applicable Service Level Agreement (SLA) for credit card merchant services shall be reviewed, signed by the departmental representative, and forwarded to the Cash Manager in Accounting Services. There are four types of SLA’s as follows:
- Form SLA-1, Internet Common Payment Service
- Form SLA-2, Internet Non-CPS (under development)
- Form SLA-3, Point-of-Sale (under development)
- Form SLA-4, Yahoo Store Front (under development)
Reconciliation, Settlement, and Transaction Posting
1. University Department Functions: University departments accept credit card payment through customized internet applications, Yahoo store fronts or point of sale (POS) terminals, collectively referred to as CP system in this document.
1st Business day: Departments prepare an internal transaction log of the credit card payments received. This transaction log is generally an internally developed tracking tool which may be an Excel spreadsheet or screen print or an extract of the CP system. This transaction log should include transaction number, effective date, payment amount, and contact information of the individual making the credit card payment.
2nd business day: Departments access transaction report (some CP system may refer to it as settlement report), generated by the CP system, listing actual credit card payments posted to the University bank account (Wachovia bank). Departments compare and reconcile the transaction report to the internal transaction log, both individual transactions and in the aggregate; research variances; and make appropriate adjustments to the internal transaction log. This reconciliation process is critical for timely processing and posting transactions to departments’ Financial Records System (FRS) accounts.
Using the above reconciled report, departments prepare and submit a Daily Cash Transmittal (DCT) through the Daily Deposit System. The DCT confirms the amount of the credit card payments received and allocation of the funds to the appropriate FRS accounts and objects.
2. University Cashier's Office Functions:
3rd business day: University Cashier’s Office retrieves the DCT data from the Daily Deposit System and compares it to the Electronic Advice, which is a previous day balances report, received via web from Wachovia Bank. Cashier’s Office contacts respective departments and resolves discrepancies noted between the DCT data and Electronic Advice.
Cashier’s Office sends reconciled DCT data to Accounting Services electronically for the Data Collect (FRS) to post. A hard copy of the DCT data and Electronic Advice is sent via interoffice mail to Accounting Services.
Cashier’s Office certifies with the State Treasurer the credit card payment deposited, State funds only, in the University account at Wachovia Bank. No certification is required for credit card payment deposits applicable to Non-State funds.
3. Accounting Services Functions
3rd business day: Data Collect system performs FRS validation routine on the DCT batch and generates a preliminary report. Accounting Services receives a hard copy of the preliminary report on the morning of the 4th business day.
4th business day: Accounting Services performs the following functions:
- Reviews the preliminary report for any error messages. Error messages may range from invalid account number to incorrect object codes.
- Contacts departments to resolve these error messages.
- To ensure accuracy and completeness, the preliminary report is compared to the hard copy of the DCT data received.
- Approves preliminary report, rerun Data Collect batch after correction, close the batch and release the report for overnight posting to FRS.
5th business day: Accounting Services receives daily diagnostics report which is compared to the DCT data batch for the amount, and reviewed for any rejected transactions. Rejected transactions are investigated and correction posted manually.
Annual Questionnaire and Periodic Scans
To validate compliance with PCI, the Office of the State Controller is requiring merchants at all levels to complete the PCI annual self-assessment questionnaire and to perform the required network scans for all externally-facing IP addresses. The University will provide an approved vendor that is authorized to issue a PCI compliance certificate to a merchant. The initial set up process and communication with the approved vendor will be administrated by the Controller’s Office. The questionnaire and scans will be administrated by ITS-Security. Once a merchant is in production, access to the approved vendor’s compliance tool will be assigned by the Controller’s Office. The merchant will then work with ITS-Security to complete the required questionnaire and scans to certify PCI compliance. The annual questionnaire and periodic scans procedure does not apply to swipe terminal applications. Swipe terminal applications will be required to complete the PCI annual self-assessment questionnaire that will be administered and reviewed by the University Controller’s Office. If an active merchant becomes non-compliant with the PCI Data Security Standard, the ability to accept payments by credit cards will be revoked until a compliant status is attained.
Credit Card Administrator Listserv
Departmental staff members who perform credit card administrative duties may participate in a campus Listserv. To initiate or cease participation in the Credit Card Administrator Listserv, an email should be sent to email@example.com. This restricted Listserv is only available to employees of the University of North Carolina at Chapel Hill who have managerial, administrative, or operational duties as a credit card merchant.
The email list is used to send out information regarding policies and procedures for the administration of credit card transactions and data. The email list is also used to distribute information from the NC Office of the State Controller regarding credit cards.
Return to Accounting Services Section Contents
Return to Business Manual Table of Contents