Section I - Credit Card Operations General Policies - Applicable to all Types of Credit Card Operations
Establishing a University Merchant Services Account
Any department intending to begin the generation of revenue must first receive approval from the Student Receivables Associate Director of Cash Receipting Operations, regardless of the proposed tender types /funds. This request should be made by the business manager of the associated college or operation. Complete a Request to Establish a New Revenue Generating Operation Form and return to Student Receivables. Do not begin the revenue generating operation until approval has been given and training has been completed.
Any department wishing to generate revenue with additional tender types, including bank cards, or make changes in existing revenue generating operations must first receive approval from Student Receivables before any funds are collected. This request should be made by the business manager of the associated college or operation. A form for this purpose can be obtained on the web at http://studentreceivables.ua.edu. Do not expand or implement changes to an existing revenue generating operation until approval has been given and training has been completed.
-
A central merchant services contract is negotiated by the University for all University authorized merchant accounts. By centralizing all merchants, the University of Alabama negotiates a lower rate based on the University’s overall transaction volume. Any questions or problems with a departmental merchant account should be directed to Student Receivables, who will communicate with the merchant services provider if necessary.
-
All merchant accounts for accepting credit cards must be obtained and approved by the Office of Student Receivables. Departments will complete a Request to Establish a Credit Card Operation form and submit it to Student Receivables.
-
Departments cannot negotiate their own contracts with credit card processing companies or contract with companies accepting credit card payments on the department’s behalf.
Costs Associated with Accepting Payment by Credit Card
-
The University is charged a discount fee on all credit card transactions which is passed on to the department (by merchant account). In addition to the per transaction charges, a department may incur other monthly charges, (e.g., insurance, paper statements, charge backs, etc.) and start-up costs such as the cost of a terminal, a phone line, etc.
-
The department is responsible for all expenses associated with credit card merchant accounts. These expenses will be reflected on the department’s monthly credit card statements. At month-end, these expenses will be charged to the Banner FOAP that was provided by the department when the credit card operation was originally established.
-
The price of goods or services cannot be increased because payment is received by credit card rather than another payment method (e.g. check, cash, money order, etc.)
Daily Recording of Credit Card Transactions
-
All University funds received via credit card must be deposited into a University designated bank account. This is accomplished by settling the credit card batch on any UA merchant.
-
All credit card transactions must be settled daily and recorded timely in the University financial records, via a University daily cash transmittal form submitted to Student Receivables.
-
Credit card bank deposit activity is monitored and reconciled monthly by the Office of Student Receivables to ensure that credit card activity is being recorded in UA’s bank account.
-
Departmental personnel must reconcile transactions processed through the terminal/web processor as reflected on the monthly merchant services statement with the sales transactions posted to the department’s Banner Finance records.
Refunding and Disputes of Credit Card Payment
-
When an item or service is purchased using a credit card, and a refund is necessary, the refund must be credited to the same credit card account from which the purchase was made. This is a requirement of the credit card contract. Crediting to the same account used for the charge protects the customer. Processing refunds as a credit back to the card honors the banking agreement and reduces credit card fees incurred by the department.
-
When a customer disputes the validity of a bank card transaction, a notification is sent to Student Receivables and a charge back to the University’s bank account is automatically generated by the University's merchant services provider. If necessary, the Office of Student Receivables will contact the department to obtain information or supporting documentation on the disputed transaction. Departments should not receive such charge back notices directly from UA's merchant services provider. If this should occur, contact Student Receivables. If the dispute is settled in favor of the customer, a refund is automatically issued to the customer by Compass Bank. The department which accepted the payment will be charged for the amount of the transaction plus a $10 charge back fee. The department will be notified that this action has been taken. If applicable, departmental records should be adjusted to reverse the original payment. If the dispute is settled in favor of the University, the department will be charged only the $10 fee (which is charged to UA regardless of the outcome of the dispute).
Reconciliation of Credit Card Records
-
Each merchant account will receive a monthly statement of credit card activity. Visa, Mastercard and Discover transactions will all appear on one monthly statement. If a department is accepting American Express, a separate monthly statement will be issued by AMEX.
-
Departments are responsible for balancing their monthly statements against what has been recorded on UA records. Contact Student Receivables concerning discrepancies or questions.
Protecting and Securing Customers' Personal Information
-
All personal credit card information must be strictly controlled and protected; and securely stored for only as long as there is a business necessity. Failure to maintain strict controls over this information could result in unauthorized use of a credit card number and serious problems for the customer, the department and the University.
-
Personal credit card data should never be moved from the department receiving this data unless a secure delivery method is established and a transfer of custody is in place.
-
Never send or request cardholder information to be sent via unencrypted e-mail, instant messaging, chat, etc.
Possible Loss or Stolen Credit Card Data
-
If a UA customer contacts a department to report suspected fraudulent use of their credit card, the department should contact Student Receivables. Student Receivables will assist and involve other departments as needed.
-
If a department knows or suspects that their credit card receipts or other stored credit card data have been breached, the department should contact the OIT Information Security Officer as quickly as possible.
-
UA has an incident response team which will determine the appropriate course of action needed.
Maintain a Policy that Addresses Information Security
-
Each department that takes payment by credit card must have a written credit card policy and associated procedures to address protection of credit card data. This policy must include data access limitation, data storage, data retention, and data disposal.
-
Each department’s credit card policy and associated procedures must be reviewed annually and updated as appropriate.
-
The department should require all employees (permanent or temporary) who have access to credit card data to acknowledge in writing they have read and understood the department’s security policy and procedures. This written acknowledgement must be reviewed and re-signed annually.
-
The signed acknowledgments should be maintained by the department.
-
You may want to view the policy in force for the Office of Student Receivables, although each department should tailor its policy as appropriate.
-
In addition to the department requirements listed above, UA has Security Policies of a technical nature that apply http://oit.ua.edu/oit/security/.