3031.C PCI Non-compliance Procedure

PCI Non-compliance Procedure

Procedure # 3031.C; Rev.: 1 (Effective September 1, 2020)
Related Policy: UW-3031 Credit Card Merchant Services and PCI Compliance Policy 
Functional Owner: Cash Management, Business Services
Contact: PCI Mailbox: pci-help@bussvc.wisc.edu


Contents

  1. Procedure statement
  2. Who is affected by this procedure
  3. Rationale
  4. Procedure
  5. Supporting tools
  6. Related references
  7. Revisions

I. Procedure statement

The University of Wisconsin-Madison has merchant accounts which accept payment for goods sold and services rendered via payment card transactions. All merchants who accept payments via payment card must comply must comply with Policy UW-3031 and the Payment Card Industry Data Security Standards (PCI DSS). The purpose of this procedure is to provide a framework for the disciplinary steps that will be taken in the event a UW–Madison merchant account is found to be non-compliant with Policy UW-3031 and the PCI DSS. Persistent noncompliance after the enactment of the disciplinary steps described in this procedure may result in the suspension or termination of the non-compliant merchant account.

Back to top


II. Who is affected by this procedure

This procedure applies to all UW–Madison departments that accept payment cards via payment card terminals. This procedure should be understood by all relevant personnel including Divisional Business Representatives (DBRs), Site Managers, and Operators of the merchant accounts.

Back to top


III. Rationale

If a merchant does not appropriately store, process, or transmit cardholder data as defined by Policy UW-3031, deficiencies exist in that merchant account’s standard operating procedures. As a result, these deficiencies deem the merchant account non-compliant with the PCI governance framework. Deficiencies in a merchant’s ability to appropriately secure cardholder data is the foundation of a potential data breach. Acts of PCI noncompliance and data breaches may result in reputational damages, loss of customer confidence and loyalty, and a potential loss of gift and grant donors.

The ability to accept payment card transactions is a convenient and efficient method of collecting revenue owed to the University. This method of payment is a privilege granted to the University by the contracted acquirer, Elavon, and the payment card brands Visa, MasterCard, Discover, and American Express. If a merchant account is not in compliance with the PCI DSS or a data breach occurs, these agencies have the authority to assess fines for noncompliance. These fines begin anywhere between the range of $5,000 to $100,000 per month for violating PCI DSS, depending on the length of noncompliance. These fines would accumulate quickly and could result in hundreds of thousands of dollars in monetary damages.

Further, if Elavon or the payment card brands find the University noncompliant, UW–Madison’s ability to accept payment cards could potentially be revoked. This decision would require departments to find alternative ways to collect revenue and could result in a decline in sales.

Back to top


IV. Procedure

The Division of Business Services Cash Management team and Division of Information Technology (DoIT) Cybersecurity team will jointly conduct a review of campus merchant accounts’ level of compliance on an annual basis and complete a risk assessment. Each risk assessment will document the review team’s opinion of the merchant’s level of compliance with the PCI DSS. A disciplinary step would be implemented if any non-compliant practices are identified.

All risk assessments  which have a level of noncompliance will be presented to the merchant’s Divisional Business Representative for review and signature. Below are examples of possible noncompliance:

Level 0 – No instances of noncompliance identified.

Level 1 – Minor instance(s) of noncompliance identified. Compliant procedures must be implemented as of the next annual review.

  • Incomplete PCI Security Awareness Training
  • Incomplete PCI Operator Training
  • Missing or incomplete device inspection logs
  • Missing merchant standard operating procedures

Level 2 – Significant instance(s) of noncompliance identified. Compliant procedures must be implemented as of a designated deadline which has been agreed upon with the merchant.

  • Working with unsupported technology or non-approved Service Providers
  • Lack of security regarding access to physical devices and technology
  • Inability or neglect to provide documentation indicating appropriate security of e-commerce merchant accounts(s); missing the signed Service Provider’s Attestation of Compliance (AoC)
  • Unauthorized or unsecured storing of cardholder data
  • Inappropriate use of e-commerce merchant accounts or inappropriate use of in-person or over-the-phone transaction processing
  • Failure to implement appropriate procedures to resolve Level 1 noncompliance
  • Failure to complete the annual Self-Assessment Questionnaire (SAQ)

If a deficiency in compliance was identified and agreed upon by the merchant in a previous review, the PCI review team will follow up and evaluate the merchant’s progress towards achieving compliance. If measurable progress has not been made towards achieving compliance, the following disciplinary steps will be executed in this order:

  1. Requirement to attend an in-person PCI Training
  2. Notification from PCI review team of Level 1 noncompliance
  3. Notification from PCI review team of Level 2 noncompliance
  4. Temporary suspension of merchant account for up to 9 months
  5. Permanent termination of merchant account

Back to top


V. Supporting tools

Back to top


VI. Related references

Back to top


VII. Revisions

Procedure Number 3031.C
Date Approved September 1, 2020
Revision Dates Jan. 19, 2021 – Changed Procedure Number to 3031.C from 404.C

Back to top

Refund of Receipts (RoRs) update

This communication is intended for departments that currently submit RoR requests to the Cash Management team for approval.

Cash Management will be granting approval on a case-by-case basis for use of the voucher upload process to facilitate handling and processing of large batches of refund requests. Voucher uploads are intended to expedite processing of repetitive or large quantities of payments. Please email cashmgt@bussvc.wisc.edu for additional information on this process.

Please note that any refunds relating to Covid-19 activities should be coded to the appropriate Covid Account Codes. Please refer to the link below:

Tracking COVID 19 activities in the accounting system (SFS)

Payment Card Industry (PCI) Compliance Guidelines

The COVID-19 pandemic has created many challenges and constraints to the established business processes of many merchants on campus including restricted access to campus and, in many instances, offsite work arrangements. The PCI Compliance Team understands that your established business processes many need to be adjusted to continue conducting business.

If you feel that it is necessary for your merchant account to adjust your business processes to accommodate remote payment card processing, please keep in mind that the PCI Data Security Standards are in effect and must be complied with in carrying out adjusted business processes. While the PCI Compliance Team does not have specific protocols and policies in place to accommodate remote work situations, we are requiring the following at a minimum:

  • Documentation of any changes or modifications to established business processes,
  • Business activity must be conducted on UW-Madison issued work computers and equipment,
  • Global Protect VPN is installed, properly functioning, and connected via a secured internet connection, and
  • Anti-virus and malware software are installed and functioning properly.

With these considerations in mind, the PCI Compliance Team will be reviewing requests for remote processing of payment card transactions on a case-by-case basis. Please send requests for alternative payment card processing to PCI-Help@bussvc.wisc.edu. Any questions or concerns can also be directed to this email address.

Check Deposits – Operational update

For information related to sponsored check payments, please visit RSP’s website at:
https://www.rsp.wisc.edu/COVID-19CheckRoutingGuidance.cfm

For information related to UW Foundation check deposits, please visit the following link:
https://businessservices.wisc.edu/covid-19/update-from-wfaa-regarding-gift-processing/

This communication is intended specifically for UW-Madison related check deposits.

We understand the challenges faced by campus staff for logistics around depositing checks under the current circumstances. Unfortunately, we currently do not have mechanisms in place to facilitate remote handling of check deposits. If this were to change, we will inform as such. Please use your best judgment in carrying out essential business activities, while ensuring employees’ well-being and safety.

We have received numerous questions and hoping to provide some additional guidance through this communication. We have a few options for depositing checks to consider:

  • Deposits made at a US Bank location directly (preferred)
    • Deposits should be secured in a plastic bank bag with deposit ticket and directly dropped off at a US Bank location.
    • Make sure the deposit ticket is included so the bank can process it as a deposit for UW Madison. Each deposit ticket is linked to a specific department and their respective accounting string. If you have any queries, please reach out to us for details at: cashmgt@bussvc.wisc.edu.
    • When making the drop deposits please include a note requesting a receipt. E-mail receipts to cashmgt@bussvc.wisc.edu.
    • For departments without deposit tickets and/or plastic bags, please send requests to cashmgt@bussvc.wisc.edu, and we can request them from for your department.
  • ACH/Wire payments (preferred)
    • As an alternative to check payments, departments may request new and existing customers switch to ACH/wire payments for payment directly deposited into the UW-Madison bank account.
    • It’s a fairly simple process and serves as an opportunity to also improve financial internal controls by shifting from checks to electronic payments. The cash management team strongly encourages this option and is readily available to help set this up.
    • For anyone interested, please forward your requests to us at: cashmgt@bussvc.wisc.edu.
  • Deposit checks dropped off at 21 NPS building
    • Access to the building is currently restricted; however, the building manager, Matt Hanson is onsite (Monday through Friday from 7:30AM- 4:30PM) and will accept check deposits.
    • Please co-ordinate drop off with Matt by email (buildingmanager@bussvc.wisc.edu) or cell phone (608-628-2019) to plan your trip.
  • Interdepartmental mail
    • If interdepartmental mail is still operating for your building, please continue to use per normal process.
    • Please be advised that there have been changes to the mail services scope of operations and schedule. Ensure staff and managers are aware of changes for respective campus locations.
  • Armored car pick up services
    • As campus buildings access has been restricted during the Governor’s stay at home order, many Thillens stops on campus have been cancelled or rescheduled. If you need to cancel or request a pick up please reach out to us at: cashmgt@bussvc.wisc.edu.

If you have any questions or concerns, please do not hesitate to contact us by email at: cashmgt@bussvc.wisc.edu.

Thank you for your help and co-operation.

Cash Management Reminders

Please ensure that effective internal control practices are in place.

    • Checks and cash receipts are stored safely and deposited in a timely manner
    • Stamp or write on back of checks- for UW Madison deposit only
    • If in doubt, please reach out to us in cash management and we are happy to assist
  • State of Wisconsin statute (s 20.906) requires that checks are deposited at least once per week. This requirement is still in effect. Please ensure that your department and teams have made appropriate work arrangements to continue to deliver on this ‘essential’ requirement

Key Contacts:

Cash Management: (cashmgt@bussvc.wisc.edu)
Omar Siddiqi (omar.siddiqi@wisc.edu)
Maria Villaescusa – Deposit Checks (maria.villaescusa@wisc.edu)
Gian Compuesto – Custodian Funds (gian.compuesto@wisc.edu)

Operational Update

Business Services Update and Guidelines for Cash Management and Disbursement Services.

Under the prevailing circumstances arising from the Covid-19 pandemic, with reduced staffing levels onsite and only ‘essential’ activities being performed on campus, we wanted to provide general guidance and updates to address some of the  questions/or concerns you may have.

Please keep the following reminders and considerations in mind:

  • Ensure effective internal control practices are in place. For example:
    • checks and cash receipts are stored safely and deposited in a timely manner
    • stamp or write on back of checks- for UW Madison deposit only
    • if in doubt, please contact cash management with any questions at cashmgt@bussvc.wisc.edu
  • To date there has been no confirmation from Department of Administration that there will be flexibilities to State of Wisconsin statute (s 20.906) requiring checks be deposited at least once a week. The Division is working under the assumption that this requirement remains in effect. In partnership with our UW System colleagues it is mutually recognized that, with limited resources, including mail services, yet anticipating volume may decrease, do the best you can, while having the safety and wellness of employees as the priority.

The Division Cash Management and Disbursement Teams have identified key ‘essential’ activities towards ensuring cash receipts are processed on a regular, periodic basis and properly submitted invoices are paid promptly, to the best of the team’s ability while putting a priority on employee health and wellness. There is currently a small team of essential employees identified to be available at 21 N. Park towards performing the following activities:

  • Interdepartmental mail: Currently, interdepartmental mail will be received on Tuesdays and Fridays and processed as normal.

Cash Management Updates:

  • Deposit Checks: Cash management will deposit checks on a biweekly basis (Tuesdays and Fridays) to align with interdepartmental mail services.
  • Custodian Funds: Custodian fund requests will be processed as usual. Requests may be sent via email to cstdnfnd@bussvc.wisc.edu and will be processed in 1-2 business days. Any requests received via interdepartmental mail will be processed at least weekly.
  • Refund of Receipts (ROR): Requests for approval in cash management can be sent by email (preferred) at cashmgt@bussvc.wisc.edu. Any requests received via interdepartmental mail will be processed at least weekly.

If you have any questions or concerns relating to Cash Management functions, please do not hesitate to contact us by email at: cashmgt@bussvc.wisc.edu.

Disbursement Updates:

  • Outgoing Checks: Outgoing checks will be created on a biweekly basis (Tuesdays and Fridays) to align with interdepartmental mail services. ACH, PPL, and Wires will continue to be processed daily. Please note this includes Emergency Transaction (ET) checks.
  • Email Payment Requests: Direct Payments (DP) and Payments to Individuals (PIR) may be submitted as a PDF attachment to ap-invoices@bussvc.wisc.edu. The subject line of the email must reference “PIR”, “DP”, or “EMERGENCY TRANSACTION”. The email must be sent from an authorized approver or the authorization emails must be included in the PDF of the DP or PIR. All required documents must be combined into a single PDF and only one payment request is permitted per PDF file. Multiple PDFs for multiple requests may be submitted in a single email. Emergency Transactions (ETs) should be emailed to uwmsnap@bussvc.wisc.edu. W-9s including a social security number (SSN) should be sent interoffice mail or faxed to (608) 265-9035.

As you may expect, the future status and availability of courier drop offs or pick ups from 21 N Park is not known at the present time.

Please note that, at the present time, open office hours for 21 N Park suite 5301 will be reduced to 10:00 am to 12:00 pm. If the building is restricted to building card access, call for pick up will not be available and all outgoing checks will be need to be mailed.

If you have any questions or concerns relating to Disbursement Services function, please do not hesitate to contact us by email at: acctg@bussvc.wisc.edu.

Thank you for your help and cooperation.

3031.B Open and Manage a Merchant Account using an EMV Chip or Swipe Machine Procedure

Open a Merchant Account using an EMV Chip or Swipe Machine

Procedure #3031.B; Rev.: 2.12.20 (Effective January 1, 2020)
Related Policy: UW-3031 Credit Card Merchant Services and PCI Compliance Policy
Functional Owner: Cash Management, Business Services
Contact: PCI Mailbox: pci-help@bussvc.wisc.edu


Contents

  1. Procedure statement
  2. Who is affected by this procedure
  3. Procedure
  4. Definitions
  5. Related references
  6. Revisions

I. Procedure statement

The University of Wisconsin–Madison can accept payment card payments from customers to pay for goods and services in person. A payment card terminal is used for processing payments in-person or over-the-phone by a merchant at the point-of-interaction. In some cases, payments can be made via fax communication if proper security is in place and is properly documented.

Back to top


II. Who is affected by this procedure

This procedure applies to all UW–Madison departments that accept payment cards via payment card terminals. This procedure should be understood by all Divisional Business Representatives (DBRs), Site Managers, and Operators of the merchant accounts.

Back to top


III. Procedure

Below are the steps for opening a merchant account that uses an approved PCI P2PE or an approved EMV payment card terminal with no electronic cardholder data storage:

  1. Complete and submit the Card Merchant ID Request Form.
    1. The Divisional Business Representative (DBR) must approve the new merchant account.
      1. The DBR will receive an email upon completion of the Card Merchant ID Request Form. The DBR should then sign into the portal to approve the request.
    2. The DBR should determine which card brands the new merchant will accept.
      1. The standard set up for a new merchant account includes MasterCard, Visa, and Discover. Should the department decide to choose to accept American Express cards, an additional reconciliation and an additional connection is required.
  2. Cash Management will review and approve the submitted Card Merchant ID Request Form and contact the Site Manager to facilitate setting up Payments Insider access.
    1. Cash Management will provide information on payment card machines, including pricing information. Standalone payment card machines will ship directly from Elavon to the campus department. The cost of the new payment card machine will be charged directly to the merchant account.
    2. Each person who logs into Payments Insider for settlements and monthly statements is required to have a unique operator ID.
    3. Complex Point of Sale Systems will require additional PCI review and approval, signed contracts, and annual AoC documentation. Please contact pci-help@bussvc.wisc.edu for additional information.
  3. The PCI Site Manager is required to establish card handling procedures and a contingency plan for processing transactions should the primary system be unavailable. Once complete, these policies and procedures shall be submitted to Cash Management via email (pci-help@bussvc.wisc.edu).
  4. Cash Management will schedule a PCI site visit with the Site Manager once a Merchant ID (MID) is assigned by Elavon. During the PCI site visit, Cash Management will review the department business policies and procedures and assist with completing the Self-Assessment Questionnaire (SAQ).
  5. When the equipment is received, verify the machine has the correct address, merchant name, and MID on the machine.
  6. The PCI Site Manager is responsible to document:
    1. Make and model of the device(s)
    2. Physical location of the device(s)
    3. Device Serial number(s) or other methods of unique identification
    4. Physical inspection of each device periodically to detect tempering, skimming devices, and unauthorized substitution; Record your device information and inspection dates (charge.wisc.edu/users)
  7. Call Elavon Training at (866) 451-4007 to schedule a training on how to use the payment card terminal; training includes daily transactions and settlements. Note: the payment card terminal will not auto settle unless the terminal is turned on.
  8. Elavon terminals are factory shipped and contain incorrect information on each terminal. The merchant is required to add the correct information directly on the terminal containing this information:
    1. Equipment problems – Relationship Premier Services: (800) 725-1245
    2. Supplies such as thermal paper – Customer Service Center: (800) 725-1243
    3. Elavon Training: (866) 451-4007

Merchant account fees

Any fees associated with the acceptance of payment cards in a campus department will be charged to the related merchant on a monthly basis. These fees will post to WISER on the first of the month for the prior month’s transactions. Expenses include a monthly account maintenance fee of $5.00, Elavon processing fees of approximately 2.5% of each transaction, and in some cases $7.50 for chargeback fees (rare). American Express charges a fee of 2.1% of each transaction.

Requirements to manage a Merchant Account

  1. Annual completion of a Self-Assessment Questionnaire every calendar year.
  2. Participation in assessments of your environment by the designated PCI Compliance Analyst and/or Internal Security Assessor.
  3. Completion of mandatory annual payment card industry (PCI) merchant training.
  4. Maintaining documentation of employees who have participated in the annual training, with the ability to produce to the PCI Compliance Analyst upon request.
  5. In some instances, maintaining relationships with third party vendors for departmental specific payment applications, to receive compliance documentation from the vendors (AOCs, ASV Scans, etc.).
  6. Review annually the University Policies and Procedures related to the PCI compliance environment. UW-3031 Credit Card Merchant Services and PCI Compliance Policy
  7. Maintain accurate lists of individuals within your organization directly involved in the credit card processing environment.
  8. Reconcile the transactions from the merchant account to WISER, at a minimum, monthly.

Back to top


IV. Definitions

  • Campus Merchant Department – Manage the daily operations of the merchant account(s) and maintain PCI compliance.
  • Divisional Business Representative (DBR) – An individual within the divisional or dean’s office. This individual has the highest level of PCI responsibility, including approving the initial merchant account request and annually reviewing the SAQ as the executive officer.
  • Payments Insider – An online tool from Elavon, the credit card processor, which displays transaction activity and monthly statements.
  • Site Manager – This individual is the point of contact for the campus department merchant account(s) and should have influence to establish procedures for the day-to-day handling of payment cards to ensure compliance.

Back to top


V. Related references

Back to top


VI. Revisions

Procedure Number 3031.B
Date Approved January 1, 2020
Revision Dates Jan. 19, 2021 – Changed Procedure Number to 3031.B from 404.B
Sept. 14, 2023 – Small tweaks related to language change (terminal vs. machine) and added a section with what is needed to manage a merchant account.

Back to top

3031.A Open and Manage an Internet Storefront Merchant Account Procedure

Open an Internet Storefront Merchant Account Procedure

Procedure # 3031.A; Rev.: 2.12.20 (Effective January 1, 2020)
Related Policy: UW-3031 Payment Card Merchant Services and PCI Compliance Policy 
Functional Owner: Cash Management, Business Services
Contact: PCI Mailbox: pci-help@bussvc.wisc.edu


Contents

  1. Procedure statement
  2. Who is affected by this procedure
  3. Procedure
  4. Definitions
  5. Related references
  6. Revisions

I. Procedure statement

The University of Wisconsin–Madison can accept payment cards from customers to pay for goods and services. An Internet storefront is a method of accepting e-commerce payment transactions via a website.

Back to top


II. Who is affected by this procedure

This procedure applies to all UW–Madison departments that accept payment cards online. This procedure should be understood by all Divisional Business Representatives (DBRs), Site Managers, and Operators of the merchant accounts.

Back to top


III. Procedure

Below are the steps for opening an internet storefront merchant account:

  1. Complete and submit the Card Merchant ID Request Form.
    1. The DBR must approve the new merchant account.
      1. The DBR will receive an email upon completion of the Card Merchant ID Request Form. The DBR should then sign into the portal to approve the request.
    2. The DBR should determine which card brands the new merchant will accept.
      1. The standard set up for a new merchant account includes MasterCard, Visa, and Discover. Should the department decide to choose to accept American Express cards, an additional reconciliation and an additional connection is required.
  2. Cash Management will review the submitted Card Merchant ID Request Form and contact the Site Manager to facilitate setting up CASHNet and Merchant Connect.
    1. Each person that will log into CASHNet and Merchant Connect must have a unique operator ID.
    2. The department should provide a logo for the checkout page.
  3. The PCI Site Manager must establish card handling procedures and a contingency plan for processing transactions should the primary system be unavailable. Once complete, these policies and procedures shall be emailed to Cash Management (pci-help@bussvc.wisc.edu).
  4. The PCI Compliance Assistance Team and Elavon will review the website that is being used and ensure that it directs customers to CASHNet for payment. The hosting location must be determined and approved before the Merchant ID (MID) goes into production.
  5. Cash Management will schedule a PCI site visit with the Site Manager once a MID is assigned by Elavon. During the PCI site visit, Cash Management will review the department business policies and procedures and assist with completing the Self-Assessment Questionnaire (SAQ).
  6. Cash Management, or a specific DoIT staff, will activate the MID within CASHNet after the PCI site visit. Once the MID is in production in CASHNet, the storefront website may be used by customers.
  7. The PCI Site Manager must track all live websites in use that redirect to the payment page. Contact pci-help@bussvc.wisc.edu to close the websites that are no longer used for payment.

Merchant account fees

Any fees associated with the acceptance of payment cards in a campus department will be charged to the related merchant on a monthly basis. These fees can be seen in WISER/WISDM once they have been posted. Expenses may include a monthly account maintenance fee of $5.00, Elavon processing fees of approximately 2% of each transaction, and $7.50 for chargeback fees. American Express charges a fee of 2.1% of each transaction.

Back to top


IV. Definitions

  • Campus Merchant Department – Manage the daily operations of the merchant account(s) and maintain PCI compliance.
  • CASHNet – A third-party, e-commerce service provider contracted by the University of Wisconsin that is used to process credit card payments.
  • Divisional Business Representative (DBR) – An individual within the dean or divisional office. This individual has the highest level of PCI responsibility including approving the initial merchant account request and annually reviewing the SAQ as the executive officer.
  • Merchant Connect (MCP) – An online tool from Elavon, the credit card processor, which displays transaction activity and monthly statements.
  • Site Manager – This individual is the point of contact for the campus department merchant account(s) and should have influence to establish procedures for the day-to-day handling of payment cards to ensure compliance.

Back to top


V. Related references

Back to top


VI. Revisions

Procedure Number 3031.A
Date Approved January 1, 2020
Revision Dates Jan. 19, 2021 – Changed Procedure Number to 3031.A from 404.A

Back to top

Cash Only Deposit Form

This form is used for cash deposits only. These deposits are hand delivered to the Bursars Office in a sealed envelope at 333 East Campus Mall # 10501. Cash deposits cannot be mailed or delivered through campus mail. These cash deposits relate to customer payments for the sale of goods/services, vendor payments for rebates, duplicated payments, reimbursement of travel, over payments, and/or returned merchandise.

This form is used for cash deposits only.


Download Cash Only Deposit Form (Excel)

Per Wisconsin State Statutes, (Chap. 20.906 Wis. Statutes), all payments/receipts collected or received are to be deposited within 5 business days.

The Bursar’s Office is cashless and does not accept cash deposits. Departments are responsible for depositing all cash collected or received with US Bank directly within the time frame established by Wisconsin State Statute 20.906.

All moneys collected or received from customers or vendors of the University of Wisconsin–Madison (the University) belong to the University. These moneys may not be deposited with the University of Wisconsin Foundation or to an individual’s private bank account. Moneys collected or received may not be deposited into the University’s replenishable/contingent bank accounts, including petty cash accounts and custodian fund checking accounts, or be used to purchase supplies or services.

To avoid theft or loss, it is recommended departments deposit cash at a US Bank branch multiple times a week; however, collected or received cash must be deposited weekly at a minimum. Cash deposits must be hand delivered to a US Bank branch; they cannot be mailed to US Bank. Departments are expected to ensure appropriate cash handling procedures, management oversight and internal controls (for example separation of duties) are in place over cash deposits. 

Deposit procedures

Follow the deposit procedures below to ensure funds are deposited appropriately and are timely posted to your department’s funding string:

Recurring cash deposits

Order US Bank deposit tickets and plastic bank bags from UW Cash Management to make these deposits directly at a US Bank branch. These deposits will be coded to your department clearing account. 

One-off cash deposit

  • Deposit cash at a US Bank branch with a generic deposit ticket containing UW–Madison banking details. (Please request banking details from UW Cash Management at cashmgt@bussvc.wisc.edu, as these are not published.) Email a completed Cash Only Deposit Form to cashmgt@bussvc.wisc.edu, which will ensure cash is coded to the appropriate accounting string.

Completing the Cash Only Deposit Form

Reminders:

  • If the receipt relates to a refund of an expenditure, use the same funding string used for the original expenditure.
  • For deposits relating to prior year Fund 101 expenditures, use the following funding string: Fund 131, Project 131A006, account code 9209.
  • Any revenue deposits related to Funds 233 must be submitted with a gift routing form and donor intent documentation.
  • Any revenue deposits related to Fund 161 must be submitted to UW System for deposit at 780 Regent St, Suite 305, Attn: Trust Fund Office
  • All deposits using account code 9050 and 9051 require a program code to be 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 or F.
  • The Tax Code field is used to calculate sales tax and can only be selected for account codes beginning with 9XXX.

Note: After filling in each field, use the tab key to move to the next field.

Contact Information (person completing form)
Prepared By: Enter full name of person preparing form.
Department Name: Enter full name of the department making deposit.
Dept ID: Enter 6-digit department identification code.
Date: Enter date the form is completed.
Phone No.: Enter the preparer’s telephone number (xxx) xxx-xxxx.
Email: Enter the preparer’s e-mail address.
Receipt Box: Check the box if the deposits relate to customer payments for the sale of goods/services
Refund of Expense Box: Check the box if the deposit relates to vendor payments for rebates, duplicated payments, reimbursement of travel, over payments, and/or returned merchandise.
Reason for Deposit: Enter reason for the deposit.
Funding, Amount, and Description Fields: Funding Fields: Codes
Dept: Enter 6-digit Division/Department ID.
Fund: Enter 3-digit Fund ID.
Prog: Enter 1-digit Activity Code either 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, F, R.
Project: Enter 7-digit Project ID which will start with “PRJ” followed by a sequence of 4 alphanumeric characters or start with the 3-digit Fund Code.
Act ID: Leave blank
Account: Enter 4-digit SFS account code (numeric numbers).
County Tax Code Name: The Tax Code field is used to calculate sales tax and can only be selected for account codes beginning with 9XXX. If sales tax applies to sale, pick the county name which relates to the sale from drop down list.
Amount: Enter gross amount of deposit relating to the funding line as a negative amount (credit).  Remember to enter the amount as a number, no commas, followed by a decimal point for the cents.
Description: Enter the customer/vendor name followed by brief describe which will help you identify this deposit (max 30 alpha numeric characters).
PO No. or Journal No.: When applicable, enter the PO or Journal ID related to this deposit (max 10 alpha numeric characters). For vendor refunds, enter PO number.
Voucher No.: For vendor refunds, enter the Voucher ID in WISER which relates to this refund (max 10 alpha numeric characters).
Invoice No.: When applicable, enter the Invoice No. related to this deposit (max 12 alpha numeric characters).
Total Deposit: Leave as is; will auto fill based on amounts entered above.
Currency section: Enter the number of coins/dollars per each currency type. Total currency must equal total deposit.
Preparer’s Signature: All forms must be signed by the preparer.
Department Approvals: All forms must have the department’s supervisor signature, date, printed name and phone number.
Received by Cash Management: Leave as is; Cash Management will put initials and date when received.

Email questions about this form to cashmgt@bussvc.wisc.edu.