Click to show/hide contact information.

Cash Handling Guide

The information provided in this guide is intended to assist UCSC staff members in properly accepting payments, handling cash, making deposits, and recording cash transactions in campus accounting records. Special requirements and restrictions may apply in certain situations.

In these cases, the UC Cash Handling Policy should be consulted for a complete explanation of cash handling policy and requirements.

Type
  
Writable
  
Name
  
Annual_PCI_Certification.pdfWritable PDFAnnual_PCI_Certification
Change_Fund_Custodian.pdfWritable PDFChange_Fund_Custodian
Change_Fund_Verification.pdfWritable PDFChange_Fund_Verification
Close_Cash_Fund.pdfWritable PDFClose_Cash_Fund
Establish_PettyCash_ChangeFund.pdfEstablish_PettyCash_ChangeFund
Increase_Decrease_Fund_Amount.pdfIncrease_Decrease_Fund_Amount
Petty_Cash_Fund_Reconciliation.pdfWritable PDFPetty_Cash_Fund_Reconciliation
PettyCash_BankAccount_Reconciliation.pdfPDFPettyCash_BankAccount_Reconciliation
PettyCash_Voucher.pdfPDFPettyCash_Voucher
Reissue_Vendor_Check.pdfWritable PDFReissue_Vendor_Check
Expand or contract all step headings
printer
printer
increase font size Decrease Font Size
 
 
 
 magnifying glassDelete Circle
Cash Handling
What is Cash?
Before you Start
Cashiering Basics
Cash Handling and Payment Processing
Preparing a Cash Deposit
Depositing Cash
Managing a Change Fund
Before you Start
Change Fund Custodian Responsibilities
Establishing the Fund
Increasing or Decreasing the Fund Amount
Maintaining, Reconciling and Reporting Requirements
Special Situations and Common Oversights
Managing a Petty Cash Fund
Before you Start
Petty Cash Custodian Responsibilities
Establishing and Maintaining the Fund
Increasing or Decreasing the Amount of the Fund
Allowable and Unallowable Petty Cash Fund Uses
Disbursing from a Petty Cash Fund
Documentation Requirements and Obtaining a Reimbursement
Special Situations and Common Oversights
PCI-DSS: Payment Card Industry
Navigation and Accessing the Glossary
Welcome to Credit Card Transaction Guide
Overview PCI-DSS and About the Program
The Importance of Training, the Benefits and who it Applies to
Overview and Accepted Forms of Payment
Accountability, Applicability and Employee Commitment
Employee and Volunteer Requirements/Procedures
Merchant Requirements/Procedures
PCI-DSS: Card Present
Objectives and Overview
What to Look for on all Cards (using Visa as an Example)
Transactions Overview
Card Transaction Procedures
Authorization Responses and Approval
Signature and Identification
Minimize Key Entered Transactions
Code 10 Calls
PCI-DSS: Card Not Present
Objectives and Overview
Merchant Web Site Requirements
Best Practices for the Web
Suspicious Behavior/Transactions
Fraud Prevention
PCI-DSS: Security
Objectives
Security Standards
Security Breach
UCSC Merchant Preparedness
Security Rules
Security Penalties
Potential Cost of a Security Breach
Glossary
Glossary
Policy References
Cash Controls, Cash Funds and Petty Cash Policy References
Where to get Help
Where to get Help
Contacts
Cash Handling Contacts
Training and Certification
Introduction Cashier Training
Cash Control Training
Overview
Background
Terminology
Cash Handling Roles
Critical Policy Activities
Petty Cash/Change Funds
Principles and Practices
Audit
Resources
  • What is Cash?

    For purposes of this guide, "cash" means checks, coin, and currency.
    The University cash handling policy definition of "cash" also includes e-commerce/ACH, money orders, securities, traveler's checks, or other property easily converted to currency.


    Back to Top
  • Before you Start

    Staffing

    • Only competent, qualified staff may handle cash. Refer to Cash Handler Proficiency at the bottom of the section for more information.
    • Ensure personal safety. Refer to Safe Cash Handling at the bottom of the section for more information.
    • Ensure that a cash handling duty does not conflict with other duties. Refer to Separation of Duties at the bottom of the section for more information.
    • Maintain accountability by ensuring identity of the cashier handling each transaction can always be determined.
      • A receipt that excludes a cashier’s identity must be validated with the cashier’s initials, signature or validation stamp.
      • Cash register receipts must identify the cashier
      • Each cashier is required to use a check endorsement stamp that includes the cashier’s unique identity code.

    Asset Protection

    • Safeguard cash.
    • Keep the cash register drawer closed except when processing a transaction.
    • Never exchange cash between cash registers, cash boxes, cash bags, etc.
    • Store undeposited cash in a locked, secure place when vacating the cash handling work area.
    • Excess amounts of cash accumulated during the day should be removed, counted, and placed in a secure location by a supervisor. Refer to Securing Currency, Coin, and Checks at the bottom of the section for more information about securing cash.

    Risk Management

    • Failure to follow the cash handling procedures described in this guide will result in the affected department being fully responsible for any lost revenue and any banking-related fees incurred
    • Continued failure to comply with the procedures will result in the revocation of the department's authority to handle cash.
      • Some campus units have unit-specific cash handling practices. Refer to Unit Specific Cash Handling Practices at the bottom of the section for more information.

    Cash Handler Proficiency
    Any individual involved in handling cash at any point in the process, including a cashier’s supervisor, deposit preparer, or deposit handler, must be competent and qualified. In general, a cash handler must possess the following attributes:

    1. Bondable: The University requires that anyone performing a “critical function,” such as handling more than $500 in cash per week, must be bondable, which involves all of the following:
      • The hiring department verifying the employment history of the prospective employee, and
      • The prospective employee undergoing a criminal background check. Contact Staff Human Resources to obtain the information needed to arrange for a background check.
      • If the prospective employee has access to large amounts of cash, a hiring department may conduct other procedures, such as a credit history check, to ensure the bondability of the cash handler.
      • If a prospective employee's employment history or background check reveals felonies, misdemeanours, or judgements due to a fraud related to cash, stocks, bonds, or any other financial transaction, the hiring unit must obtain a satisfactory explanation before hiring the employee
    2. No Conflicting Duties: An individual involved in the cash handling process must not be assigned conflicting duties. Refer to Cash Handling Separation of Duties below for more information on this topic.
    3. Proper Training: The individual involved in cash handling must receive the support and training necessary to successfully perform their job duties. Cash handling training is required when an employee begins employment. Additionally, cash handlers are required to have cash handling training on an annual basis. If a unit does not have a training program, Financial Affairs provides a self-paced training guide here. Also, the quiz is available here.

    Safe Cash Handling

    Personal Safety

    Ensure your personal safety when handling cash by doing the following things:

    • A designated supervisor should remove excess cash from a cash register drawer or cash box and store it in a secure location or vault during the day to minimize the amount of cash visible to customers
    • If you count cash, do so in a secure location where you cannot be observed by non-coworkers
    • If you make deposits at the Cashier’s Office, vary the time of day and the path/route you take when transporting cash to the main cashier’s office and hide the ‘cash bag’ inside a notebook, box or carrying bag, etc.
    • If a large amount of cash is being transported or it appears to be unsafe to transport cash to the Cashier’s Office, call the Campus Police for an escort
    • The Campus Cash Handling Coordinator and Campus Police must review the physical setup of any operation that routinely handles more than $7,500 on a daily basis.

    Alarm System
    Depending on the amount of cash regularly on hand, an alarm system must be in place.

    • If more than $2,500 in cash and securities is regularly on hand, a manual robbery alarm system must be in place for use during business hours.
    • If more than $25,000 in cash and securities is stored, in addition to a manual robbery alarm system, an automated alarm system must be in place that will alert campus police if the cash storage area is entered after business hours

    Cash Handling Separation of Duties
    Maintaining good separation of duties in the cash handling process means making sure no one person has responsibility for more than one of the following categories of duties listed below:

    • Asset handling and disposition. This category of duties includes the physical handling of cash at any point in the process.
    • Booking transactions to the general ledger, subledgers, and journals. This category of duties involves recording financial transactions associated with the collection and depositing of cash.
    • Comparison/Reconciliation. This category of duties involves reviewing transactions appearing in the general ledger for validity and reasonableness, including comparing cash deposits recorded in the general ledger to deposit amounts appearing on copies of the Departmental / Sub Cashier Cash Collections Deposit Form.

    Different, qualified employees are expected to handle each of the following key responsibilities associated with cash handling and change fund management:

    • Cash receiving or cashiering and counting cash as part of the cash drawer closing process. (Asset handling)
    • Secondary counting of cash, comparison to initial cash count, deposit preparation, and the recording of cash by completing and submitting a Departmental / Sub Cashier Cash Collections Deposit Form. (Booking transaction)
    • Making the cash deposit at the Campus Cashier’s Office. (Asset handling)
    • Comparing cash deposits recorded in the general ledger to deposit amounts appearing on copies of the Departmental / Sub Cashier Cash Collections Deposit Form. (Comparison/Reconciliation).

    Here are some examples of how duties may be divided under three different business environments:

    Responsibility Ideal: 4-person Business Environment Good: 3-person Business Environment Minimal: 2-person Business Environment
    Cash receiving and cash drawer closeout count Coworker 1 Coworker 1 Joint - Coworkers 1 & 2*
    Deposit preparation, Miscellaneous Cash Receipt Form completion Coworker 2 Coworker 2 Joint - Coworkers 1 & 2*
    Making cash deposit Coworker 3 Coworker 1 Coworker 1
    Ledger transaction review Coworker 4 Coworker 3 Coworker 2

    * Closing of cash drawer is performed jointly with both coworkers witnessing count and certifying deposit amount appearing on the Departmental / Sub Cashier Cash Collections Deposit Form. Coworker 2 retains and secures the copy of Miscellaneous Receipts Form for ledger review purposes.

    Securing Currency, Coin, and Checks
    Undeposited cash is to be kept in a locked receptacle. The type of receptacle to be used depends on the total amount of currency, coin and checks from all sources maintained by the department.

    Total amount of Currency, Coin, and Checks Appropriate Receptacle
    Up to $1,000 A locked desk, filing cabinet or other similar locked location. Ensure that the lock is not of the S-100 type, which is commonly found throughout the campus. The campus locksmith can install a different, less common lock.
    $1,001 to $2,500 A safe
    $2,501 to $25,000 A steel door safe with a door thickness of not less than 1 inch and a wall thickness of not less than 1/2 inch
    $25,001 to $250,000 A Class TL-15 composite safe
    More than $250,000 A Class TL-30 steel or better safe

    Safes and receptacles with combination locks – combinations must be promptly changed whenever a employee with access to the safe combination no longer has cash handling responsibilities or leaves the employment of the department.

    Unit Specific Cash Handling Practices
    Some campus departments may use special cash handling practices. Make sure you are aware of how your department handles the following things:

    • How payor information, if any, should be written on a check, such as payee phone number, student ID, college name, or driver’s license number
    • Requirement to check a payee’s photo ID when accepting checks
    • Procedure for handling situations where the name or signature on the payer’s ID does not match the name or signature on the check
    • Acceptance of 2nd party checks
    • Acceptance of large-dollar currency (e.g.$50 or $100 bills)
    • Acceptance of traveler’s checks
    • Acceptance of “temporary” checks that do not have the payor’s name and address imprinted
    • Procedure for handling counterfeit currency
    • Procedure for handling voids and refunds
    • Who to go to for help

    Back to Top
  • Cashiering Basics

    Beginning of the Day Checklist

    • Ensure a sufficient amount of change in the appropriate denominations is readily available. Change may be obtained from the campus Cashier’s Office.
    • Count the amount of currency and coin in the cash drawer or fund, noting the amount for use in balancing cash at the end of the day.
    • Arrange currency in the cash drawer so that the top of each bill faces left.

    During the Day Checklist

    • Remove the band or wrapper from a bundle of strapped currency before issuing bills from it.
      • Strapped currency is counted at full value when balancing the drawer/fund at the end of the day. Removing any bills without removing the rubber band or wrapper will result in an incorrect count and will prevent you from balancing your cash at day's end.
    • Provide the customer with one of the following types of receipts for each transaction:
      • Cash register receipt
      • Handwritten receipt issued from a prenumbered receipt book.
        • UCSC receipt books may be purchased from Bay Tree bookstore.
        • Each receipt book contains duplicate prenumbered receipts allowing for the retention of a copy of each receipt issued. The amounts indicated on receipts are added up at the end of the day and used to reconcile the beginning of the day cash balance in cash drawer or receptacle to the end of the day cash balance.
      • Consecutively numbered ticket from a roll of tickets or a series of permits.
        • For control purposes, keep track of beginning and ending ticket numbers or use a double ticket roll, which enables retention of a copy of each ticket issued.
    • Your supervisor must approve all voids and refunds at the time of occurrence if practical, but no later than the end of the day; attach all relevant documentation.
    • Contact the Campus Cash Handling Coordinator for reporting instructions if a single payment of $2,000 or more is made in currency and coin and your unit suspects or has reason to suspect that one or more of the following apply:
      • The funds were derived from an illegal activity
      • The payment is being made to evade a law or regulation
      • The payment has no business or apparent lawful purpose
      • The payment is being made to facilitate criminal activity

    End of the Day Checklist
    1. Obtain approval of all voids and refunds from your supervisor if this has not already been done at the time of occurrence.
    2. Close out the cash drawer
      • The cashier is responsible for counting cash.
    3. Balance cash collected
      • The total cash received during the day must equal the amount appearing on one of the following :
        • Cash register “Z” tape total,
        • An adding machine tape total based on receipts issued from a receipt book, and/or
        • A calculation of total receipts based on the number of tickets issued and the issuing price.
      • If the cash collected does not agree to the recorded total, perform the following steps:
        • Re-count the cash.
        • If the cash collected still does not balance, if possible, have a second cashier count the cash.
        • If the cash collected still does not balance, if possible, have a third cashier count the cash.
        • If the cash still does not balance, the supervisor should discuss with the cashier responsible for the cash drawer any unusual transactions that may be the cause of the imbalance.
        • If no reason for the imbalance can be identified, an over or short must be recorded on the Departmental/Sub Cashier Cash Collections Deposit Form by the deposit preparer.
    4. After counting and balancing cash, a supervisor is responsible for securing the cash drawer in a secure location, such as a safe.

    Back to Top
  • Cash Handling and Payment Processing

    Currency and Coin
    Practice good cash handling habits.

    • Minimize disputes over the amount being paid by a customer by leaving currency on the cash register ledge or other secure area visible to the customer until the transaction is completed.
    • Check for large-denomination counterfeit bills.
      • Use a counterfeit bill detector pen, which may be purchased at most office supply stores.
      • Check for the security features incorporated into bills of $20 or more. This information is available from http://www.moneyfactory.gov.
    • Count change back to the customer.
    • Make sure the currency, coin, or check from a transaction is placed in the cash drawer or other secure container or location before handling the next transaction.
    • Payments made in non-US currency cannot be accepted.
    Checks

    Follow these steps to handle a transaction involving a check:

    • Ensure the check meets all of the following criteria:
      • Properly filled-out and all information provided is legible
      • Payable in U.S. dollars
      • Payable to “UC Regents” or “The Regents of the University of California”
      • Dated within "Must be cashed by" date or 180 days, whichever is less, and no later than the acceptance date
      • Numerical and written-out amounts match
      • Amount paid does not exceed the amount due
        • Only the Main Cashier’s Office and Bay Tree Bookstore may accept checks for more than the amount due
      • Contains no markings or notations below the “memo” or signature line
      • Does not contain the notation "Payable/Paid in Full" or similar reference
        • If it does, check must be returned to the presenter
      • Signed by the check account holder
    • For a check presented in-person by a UCSC student, do the following
      • Examine campus ID card, matching appearance of the presenter to ID photo
      • Write the ID number on the face of the check
    • For a check presented in-person by anyone other than a UCSC student, do the following:
      • Examine driver's license or other valid identification verifying the following
        • Presenter's appearance matches ID photo
        • Name and signature on ID match that on check
      • Confirm with presenter that the printed address on check is current
      • Write the following information on the face of the check:
        • Full name of presenter, if not provided on check
        • ID card number and expiration date
        • Phone number
        • Date of birth
    • Endorse the check immediately upon acceptance, using either a cash register or an endorsement stamp.

    An endorsement stamp should look like the following. It can be ordered from most office supply stores (including on-line). It should also include a unique code that identifies each cash handler.

    1233 Pay to the order of 1233
    BANK OF AMERICA
    NATIONAL TRUST AND SAVINGS ASSOCIATION
    FOR DEPOSIT ONLY
    THE REGENTS OF THE UNIVERSITY OF
    CALIFORNIA – UC SANTA CRUZ
    [Insert department name and cashier identification code here]
    12335-18190

    Failure to perform all the applicable steps described above will substantially increase the risk of non-payment

    • The department will be responsible for all losses incurred and for the payment of any bank-related fees associated with returned checks
    • The Student Business Services Office will not attempt collection efforts on a returned check if the department fails to follow any of the applicable steps described above.

    Handling Checks Drawn on a 2nd Party Bank Account
    Due to the significant risk of non-payment associated with accepting checks drawn on a 2nd-party bank account, departments are advised to not accept these checks.

    • The department bears all risks and costs associated with accepting this kind of check.
    • If a department chooses to accept 2nd-party checks, the student’s name, ID number, and driver’s license number should be written at the top of check.

    Handling Checks Drawn on a Foreign Bank
    Follow this step in addition to those described in the sections above:

    • Ensure the check is acceptable at face value by UC's bank
      • Contact the campus cashier's office for further guidance before processing the check
    Credit Card Transactions

    Important information to know:

    • Be aware of the types of credit cards your department accepts.
    • Determine that the signature on a credit card sales draft is the same as the authorized signature provided on the back of the card
    • Customers should be made aware that only credit cards with the customer’s signature will be accepted. If the back of the credit card is not signed, ask to see the customer’s identification
    • After confirming the cardholder’s identity, request the customer sign the back of the credit card in your presence.
    Money Orders and Traveler's Checks

    Follow these steps in addition to those described in the sections above:

    • Ensure the money order includes a date of purchase and is less than two-years old
    • Verify security features, such as watermarks and security strips

    Follow these steps in addition to those described in the sections above:

    • Ensure the traveler's check is less than two years old
    • Have the presenter sign the traveler’s check, comparing that signature to the one provided when it was purchased.
      • Do not accept a traveler's check that does not have the signature that is supposed to be provided at the time of its purchase

    Back to Top
  • Preparing a Cash Deposit

    Cash deposits are made on a weekly basis or on the day the total cash receipts exceed $500, whichever occurs first.
    The deposit preparer completes a Departmental/Sub Cashier Cash Collections Deposit Form, verifying the amount of cash collected equals the supporting cash register tape total or similar documentation, plus any over or short amounts.
    Refer to Completing a Cash Deposit Form at the bottom of the section for information on how to complete this form:

    • The blue and white copies accompany the cash deposit.
    • The yellow copy is retained by the department for reference and ledger transaction review purposes.
    • The pink copy of the Departmental/Sub Cashier Cash Collections Deposit Form, along with related cash register or adding machine tape(are), is submitted to the Accounting Office mailstop.

    Place the cash deposit in a secure, sealed cash bag:

    • Transport the deposit to the Campus Cashier’s Office.
    • Deliver the cash deposit with the Departmental/Sub Cashier Cash Collections Deposit Form to the Main Cashier’s Office.
      • If it is too late in the day to make a deposit, store the deposit in a secure location, such as a safe.

    Cash overages and shortages
    If a deposit is over or short by more than $10, write a letter of discrepancy explaining the overage/shortage. Attach this letter to the pink copy of the Departmental/Sub Cashier Cash Collections Deposit Form before submitting the form to the Accounting Office.

    Handling checks with unknown FOAPALs
    Send the check to the campus cashier's office indicating that it is to be deposited into "Cash Undistributed":

    • Do not route the check to another office to obtain FOAPAL or any other information
    • The campus cashier's office will work with campus offices to obtain the correct FOAPAL

    Preparing the UCSC Departmental/Sub Cashier Cash Collections Deposit Form.

    This multi-part form may be purchased from the Baytree Bookstore.

    1. Provide the following information in the specified sections:
      • Record sales tax collected to the left of 'Sales Tax Payable.'
      • Report a single amount for combined Visa and Mastercard receipts.
      • Report a separate amount for American Express (AMEX) and another for Discover Card receipts.
      Collecting Office Enter name of campus unit.
      Cash Collection Dates Enter beginning and ending dates on which these funds were collected. (For Sections A through D, enter dollar amounts in the far right column)
      Section A If your unit uses a cash register(s), complete this section. Register Tape Totals record beginning and ending transaction numbers from the “Z” tape for each cash register. The corresponding “Z” reset number, and total sales.
      Section B If your unit issues manual receipts, complete this section. Manual Receipt Totals (issued in sequential order), and dollar total.
      Section C If you had any voids, overrings or credit card collections, complete this section. 1st line is the total of all overrings/voids and the second line is the total for any credit card collections.
      Section D Record total cash collections.
      Section E Distribute the total cash collections, excluding sales tax amounts, to appropriate FOAPALs. Report dollar amounts with a minus sign under the ‘AMOUNT’ column
      Section F Total amount distributed in Section E is usually the same as Section D. Cash over or short is the difference between cash collected and the amount actually deposited to the Main Cashier. Provide a FOAPAL to be debited if there is a shortage or credited if there is an overage.
      Section G Record the amount of currency, coin, checks, and total amount (cash and checks only) deposited to the Main Cashier. Do not include credit card amounts.

    2. The deposit preparer certifies the information provided is true and correct by signing on the line provided for the “Subcashiering Station / Department preparer” signature.
    3. Retain the yellow copy of the form for departmental use; this copy may be used by the general ledger transaction reviewer.
    4. Retain the pink copy of the form, attach supporting documentation, such as cash register or adding machine tapes and send this material to: Accounting Office, Attention: General Accounting.
    5. Take the cash to be deposited and the deposit form to the Main Cashier’s office. The cashier’s office will return the blue copy of the form, which will provide confirmation of the deposit amount and date. In addition, a reference number will be provided.
    6. Retain the blue and yellow copies of the deposit form for two (2) years from the date of the deposit

    Back to Top
  • Depositing Cash

    Follow these steps to make a cash deposit at the Campus Cashier’s Office:

    • Transport the cash being deposited, along with the blue and white copies of the completed Departmental/Sub Cashier Cash Collections Deposit Form.
    • Obtain confirmation of the deposit total and deposit date on the blue copy of the Departmental/Sub Cashier Cash Collections Deposit Form received from the Main Cashier’s Office. The blue copy is used by your department's budget analyst when reconciling the unit's general ledger.
    • Use the night depository drop for cash deposits made when the Cashier’s Office is closed
      • The Cashier’s Office will confirm receipt of the deposit by sending the blue copy of the Departmental/Sub Cashier Cash Collections Deposit Form to your department. The blue copy is used by your department's budget analyst when reconciling the unit's general ledger.

    Back to Top
  • Before you Start

    Important things to know:

    1. A change fund is used only to make change; the balance in the fund never changes unless increased or reduced.
      • A change fund cannot be used to make purchases or reimburse out-of-pocket expenses; use a petty cash fund for these purposes.
      • To minimize the risk of theft and to maximize University investment income, the amount of a change fund is to be kept to a minimum.
    2. A change fund may be temporary or permanent.
      • Departments with on-going cash sales activities need a permanent change fund.
      • Departments with one-time or seasonal sales events need a temporary change fund.
        • Examples include conferences, special events, festivals, and seasonal operations, such as college coffee shops.
    3. A prospective change fund custodian must possess the following qualifications:
      • Basic knowledge of University cash handling policies and procedures.
      • Pass a fingerprint/background check to ensure bondability if the fund contains more than $500. Information on background checks is available from the Staff Human Resources Office.
    4. A departmental change fund is subject to unannounced cash counts conducted by either Financial Affairs or the Office of Internal Audit.

    Back to Top
  • Change Fund Custodian Responsibilities

    The change fund custodian is responsible for the following:

    1. Maintaining the quantities of currency and coin needed to maintain an effective cash handling operation.
    2. Storing the change fund in an appropriate, secure receptacle when not in use. Refer to Securing Currency, Coin, and Checks for more information about securing change funds.
    3. Keeping the change fund physically separate from a petty cash fund, if one exists.
    4. Regularly reconciling the change fund and certifying the wholeness of the fund.
    5. Reporting the loss or theft of change funds to the appropriate authorities.
      • The change fund custodian may be held personally liable for losses caused by negligence or malfeasance.

    The change fund custodian’s supervisor, or designee, is responsible for the following:

    1. Approving a request to establish a change fund.
    2. Periodically verifying that the change fund is in the fund custodian’s possession. As an example, prior to signing (i.e. approving) a Verification of Change Fund form.

    Back to Top
  • Establishing the Fund

    Follow these steps to establish a change fund:

    1. Complete an Establish Petty Cash or Change Fund form. Obtain the approval (i.e. signature) of the change fund custodian’s supervisor, or other designated department or division official.
    2. Submit the form to the Accounting Office.
    3. After the request is approved, a check, payable to the fund custodian, will be issued. Make permanent note of your fund custodian reference number which is provided on the accompanying transmittal memo.
    4. The check may be cashed at any bank or at the Campus Cashier's Office.
      • Arrangements must be made in advance with the Campus Cashier's Office to cash checks greater than $500 to ensure that currency and coin in the desired denominations are available.

    Back to Top
  • Increasing or Decreasing the Fund Amount

    Follow these steps to permanently or temporarily increase or reduce the amount of a fund.

    1. Complete Increase Decrease Fund Amount.
    2. Submit the completed form to the Accounting Office Cash Fund Coordinator.
      • For increases: Once the request is reviewed and approved, a check, payable to the fund custodian, will be issued.
      • For reductions: Prepare the unneeded amount of cash for deposit at the Campus Cashier’s Office and complete a Departmental / Sub Cashier Cash Collections Deposit Form, which are available for purchase from the Bay Tree Bookstore, paying particular attention to the following:
        • For Description, enter "Reduce change fund" (without quotation marks)
        • For Index, enter "110200”
        • For Document/Ref #, enter the fund custodian reference number. The reference number can be found on the transmittal memo provided by the Accounting Office with the check establishing the fund or on the check stub. Further assistance is available from the Accounting Office.

    Back to Top
  • Maintaining, Reconciling and Reporting Requirements

    Important things to know:

    1. Always maintain the combination of currency and coin needed for effective operations.
      • Exchange change fund currency and coin for different denominations at the Campus Cashier’s Office.
        • Contact the Campus Cashier’s Office in advance if you require large quantities of a particular denomination of currency or coin to ensure availability.
      • Make regular deposits of cash receipts at the Campus Cashier’s office, retaining an amount equal to the change fund balance.
        • Refer to the Guide to Cash Handling for more information about making deposits to the Campus Cashier’s Office.
    2. The balance in the change fund is to remain constant.
      • Record cash receipt overages or shortages on the UCSC Department / Sub Cashier Cash Collections Deposit Form.

    Change funds must be reconciled on a regular schedule by the change fund custodian and their supervisor.

    1. Frequency of the change fund reconciliation process is as follows:
      • Monthly reconciliation is required as of the last day of each month for a fund of $500 or more.
      • Quarterly reconciliation is required as of March 31, June 30, September 30, and December 31 for a fund of less than $500.
    2. The change fund custodian's supervisor must conduct surprise cash counts of the fund each quarter/month.
    3. The custodian must complete a Change Fund Verification within 30 days of the required reporting date and have their supervisor sign that a surprise cash count was completed.
      • Change Fund Verification The supervisor's (or designee's) signature on the form provides verification that the change fund is in the possession of the change fund custodian and that the amount of the fund is correct.
    4. The completed verification form is to be maintained in the unit / department files for a period of two years.

    Back to Top
  • Special Situations and Common Oversights

    Change in Fund Custodian
    Follow these steps to change a fund custodian:

    1. Complete the Change Fund Custodian form.
    2. Submit the completed form and supporting documentation to the Accounting Office.

    Closing a Fund and Terminating Custodianship
    Follow these steps to close a change fund:

    1. Prepare the currency and coin in the full amount of the change fund for deposit at the Campus Cashier’s Office, and complete a Departmental / Sub Cashier Cash Collections Deposit Form, which is available for purchase from the BayTree Bookstore, paying particular attention to the following:
      • For Description, enter "Close change fund" (without quotation marks)
      • For Index, enter ”110200”
      • For Document/Ref #, enter your fund custodian reference number.The reference number can be found on the transmittal memo provided by the Accounting Office with the check establishing the fund or on the check stub. Further assistance is available from the Accounting Office.
      • Complete a Close Cash Fund form.
    2. Deposit the cash at the Campus Cashier’s Office.
    3. Submit the completed form along with the pink copy of the deposit form and the receipt obtained from the Campus Cashier's Office to the Accounting Office.

    Theft of a Change Fund
    Follow these steps if a change fund is stolen:

    1. Notify the University Police and file a theft report.
    2. Notify the Office of Internal Audit and Accounting Office Cash Fund Coordinator.
    3. Submit the following information to the Accounting Office Cash Fund Coordinator:
      • Type of fund involved, i.e. change fund
      • Date and approximate time (or range of hours)of theft
      • Amount of missing cash
      • Description of circumstances
      • Case number assigned by the campus police
      • Description of preventative measures to be implemented
      • A completed Direct Payment form requesting replenishment of the change fund
        • The departmental expense FOAPAL provided on the Form will be charged in the amount of the replenishment.

    Ensure a trouble-free experience by avoiding these common oversights:

    • Forgetting to obtain the supervisor’s (or designee’s) signature on a change fund form.
    • Commingling change fund currency and coin with petty cash currency and coin.

    Back to Top
  • Before you Start

    Important things to know:

    1. A petty cash fund is used to make low-value purchases.
      • CruzBuy and the UCSC Pro-Card may be used for purchases in lieu of establishing a petty cash fund.
    2. A petty cash fund may be temporary or permanent.
      • Departments with an on-going need may establish a permanent petty cash fund.
      • Departments with a one-time or infrequent need may establish a temporary petty cash fund.
    3. A prospective petty cash fund custodian must possess the following qualifications:
      • Basic knowledge of University cash handling policies and procedures.
      • Pass a fingerprint/background check to ensure bondability if the fund contains more than $500.
    4. A departmental petty cash fund is subject to unannounced audits conducted by either Financial Affairs or the Office of Internal Audit.

    Back to Top
  • Petty Cash Custodian Responsibilities

    Responsibilities include the following:

    • Maintaining an appropriate level of cash in the fund, usually equivalent to one month’s expected petty cash expenditures.
    • Safeguarding cash, including storing petty cash in an appropriate, secure receptacle when not in use. Refer to Securing Currency, Coin, and Checks for more information about securing petty cash funds.
    • Keeping the petty cash fund physically separate from a change fund, if one exists.
    • Regularly reconciling the petty cash fund and verifying the complete amount of the fund.
    • Reporting the loss or theft of the petty cash fund to the appropriate authorities.
      • The petty cash fund custodian may be held personally liable for losses caused by negligence or malfeasance.

    The petty cash fund custodian’s supervisor, or designee, is responsible for the following:

    • Approving the request to establish a petty cash fund.
    • Periodically verifying that the petty cash fund is in the fund custodian’s possession. As an example, prior to signing (i.e. approving) a Reconciliation of Petty Cash Fund form.
    • Ensuring the closure of a petty cash fund upon a change in custodian.

    Back to Top
  • Establishing and Maintaining the Fund

    Follow these steps to establish a petty cash fund:

    1. If the fund amount will be more than $500, contact Staff Human Resources to arrange a fingerprint/background check of the prospective fund custodian.
    2. Complete the Establish Petty Cash or Change Fund form.
    3. Obtain the approval signature of the petty cash fund custodian’s supervisor or other designated department or division official.
    4. Submit the form to the Accounting Office.
      • After the request is approved, a check, payable to the fund custodian, will be issued. Make permanent note of your fund custodian reference number which is provided on the accompanying transmittal memo.
      • The check may be cashed at any bank or at the Campus Cashier's Office.
        • Arrangements must be made in advance with the Campus Cashier's Office to cash checks greater than $500 to ensure that currency and coin in the desired denominations are available.

    Petty cash may be maintained as currency and coin in a secure location, or in a bank account.

    • The check establishing the fund and replenishment checks may be cashed at any bank or at the Campus Cashier's Office.
      • Arrangements must be made in advance with the Campus Cashier's Office to cash checks greater than $500 to ensure that currency and coin in the desired denominations are available.
    • The fund custodian may establish a bank account in his or her name to administer the fund.
      • The bank account must be opened in the name of the fund custodian; it may not be opened in any name that indicates an affiliation with the University, such as UC, UCSC, the Regents, or the department or program name.
      • The bank account must be non-interest bearing.

    Back to Top
  • Increasing or Decreasing the Amount of the Fund

    Follow these steps to permanently or temporarily increase or decrease the amount of a fund.

    1. Complete Increase Decrease Fund Amount.
    2. Submit the completed form to the Accounting Office.
      • For increases: Once the request is reviewed and approved, a check, payable to the fund custodian, will be issued.
      • For decreases: Prepare the excess cash for deposit at the Campus Cashier’s Office and complete a Departmental / Sub Cashier Cash Collections Deposit Form, available for purchase from the Bay Tree Bookstore. Pay particular attention to the following:
        • For Description, enter "Decrease petty cash fund" (without quotation marks)
        • For Index, enter ”110200”
        • For Document/Ref #, enter the fund custodian reference number. The reference number can be found on transmittal memo provided by the Accounting Office with the check establishing the fund or on the check stub. Further assistance is available from the Accounting Office Cash Fund Coordinator.

    Back to Top
  • Allowable and Unallowable Petty Cash Fund Uses

    Here are some examples of low-value supplies and services that can be purchased with petty cash funds, when circumstances do not allow for using standard campus purchasing methods:

    • Meeting supplies
    • Student event-related expenditures
    • Local parking, bus, or taxi expenses as part of a day trip on official UCSC business
    • Stamps and postage (Express mail, Federal Express, UPS)
    • A parking charge in a travel situation where it is the only travel cost being claimed

    Petty cash funds may not be used to pay for the following:

    • Restricted goods and services, including firearms, explosives, tobacco products, ethyl alcohol, controlled substances, hazardous materials, and lease or rental of vehicles or equipment
    • Awards and gifts
    • Inventorial equipment
    • Travel expenses, except as allowed, stated above.
    • Entertainment event expenses, including catering services
    • Business meeting meal and refreshment expenses
    • Alcoholic beverages
    • Payroll payments or payroll advances
    • Independent contractor or consultant charges and expenses
    • Parking / driving citations
    • Subscriptions or membership dues
    • Personal obligations

    Back to Top
  • Disbursing from a Petty Cash Fund

    Here are the two methods used for disbursing petty cash funds:

    Cash Advance.
    Petty cash funds may be provided to a person making a purchase of goods for University business purposes when other purchasing options are not available.

    • Petty cash custodian completes a Petty Cash Voucher Form.
    • Purchaser signs the Form indicating intent to comply with the following:
      • The time-frame under which the original purchase sales receipt must be submitted to the custodian.
      • The documentation, such as an original receipt, that must be obtained to substantiate the purchase.
      • The consequences of failing to comply with UCSC purchasing policies.
    • After the purchase is made, the purchaser submits original receipts and other supporting documentation to the Petty Cash Custodian, along with any change remaining from the transaction.
    • The petty cash custodian notes on the Petty Cash Voucher Form the date, amount of change received and his or her initials.

    Reimbursement.
    Petty cash funds may be used to reimburse an individual who used personal funds to make a purchase of goods for University business purposes.

    • Petty cash custodian receives from the purchaser a signed original receipt supporting the purchase, gives the purchaser cash in the amount of the purchase(s) and stores the receipt(s) with the fund until a request for reimbursement is processed.

    Back to Top
  • Documentation Requirements and Obtaining a Reimbursement

    Follow these steps to properly document each petty cash transaction:

    1. Obtain an original cash register receipt or a detailed manual receipt marked "paid" that includes the following information:
      • Transaction date
      • Vendor name
      • Item(s) purchased
      • Unit price and quantity (if applicable)
      • Total amount paid
      • The signature of the person who purchased the items indicating receipt of the goods or services
    2. Retain the receipt(s). If the purchase was made using a cash advance, complete the Petty Cash Voucher Form.
    3. Attach receipt(s) to the Petty Cash Voucher (if applicable). Store the documentation in the cash fund until a petty cash fund reimbursement request is processed.

    Reimbursement of a petty cash fund occurs as often as is necessary, but at least on a monthly basis to ensure the timely recording of expenses, and at June 30 for fiscal year-end closing purposes. Follow these steps to obtain reimbursement for expenditures made from a petty cash fund.

    1. Compile all receipts
    2. Complete a Direct Payment paying particular attention to the following:
      • For Payment Amount, enter the total amount of the petty cash receipts
      • In the payment category table, enter an “X” in the box on the “Reimbursements” line
      • For Explanation of Payment, enter 'Reimbursement for Petty Cash expenditures'
      • For FOAPAL and related amount information enter the information appropriate for each of the various expenditures – the total of the entries must equal the reimbursement amount being requested.
    3. Sign the form and attach signed receipts
    4. Forward the form and supporting documents to the individual authorized in the department to approve the reimbursement and related accounting information.
      • The reviewer examines each expenditure transaction and supporting documentation for validity, appropriateness, and proper accounting coding; and verifies the accuracy of the requested reimbursement amount.
    5. Submit the form and supporting documents to the Accounting Office.
    6. A check will be issued, payable to the fund custodian.
      • The check may be cashed at any bank or at the Campus Cashier's Office.

    Back to Top
  • Special Situations and Common Oversights

    Changing the Fund Custodian
    Follow these steps to change a fund custodian:

    1. Complete form: Change Fund Custodian.
    2. Submit the completed form and supporting documentation to the Accounting Office.

    Closing a Fund or Terminating Custodianship
    Follow these steps to close a petty cash fund:

    1. Prepare the currency and coin in the full amount of the petty cash fund for deposit at the Campus Cashier’s Office, and complete a Departmental / Sub Cashier Cash Collections Deposit Form, which is available for purchase from the BayTree Bookstore paying particular attention to the following:
      • For Description, enter "Close petty cash fund" (without quotation marks)
      • For Index, enter ”110200”
      • For Document/Ref #, enter your fund custodian reference number.The reference number can be found on transmittal memo provided by the Accounting Office with the check establishing the fund or on the check stub. Further assistance is available from the Accounting Office Cash Fund Coordinator.
    2. Complete a Close Cash Fund form and submit a cash deposit receipt obtained from the Campus Cashier’s Office
      • All unreimbursed petty cash vouchers with supporting receipts.
    3. Deposit the cash at the Campus Cashier’s Office.
    4. Submit the completed Close Cash Fund form and supporting documentation to the Accounting Office.

    Theft of a Petty Cash Fund
    Follow these steps if a petty cash fund is stolen:

    1. Notify the University Police and file a theft report.
    2. Notify the Office of Internal Audit and Accounting Office Cash Fund Coordinator.
    3. Submit the following information to the Accounting Office:
      • Type of fund involved, i.e. petty cash fund
      • Date and approximate time of theft
      • Amount of missing cash
      • Description of circumstances
      • Case number assigned by the campus police
      • Description of preventative measures to be implemented
      • A completed Direct Payment requesting replenishment of petty cash fund
        • The departmental expense FOAPAL provided on the form will be charged in the amount of the replenishment.

    Ensure a trouble-free experience by avoiding these common errors:

    • Forgetting to obtain the supervisor (or designees) signature on the Change Fund Verification.
    • Forgetting to notify the Accounting Office of a change in petty cash fund custodian.

    Back to Top
  • Navigation and Accessing the Glossary

    There are two ways to navigate between topics in this guide:

    • click on the topic in the navigation bar on the left side of each page
    • move backward or forward to the next topic by clicking the "Back to _" or the "On to _" title at the bottom of the page

    Glossary words are highlighted in blue text. Simply click on the highlighted word to be directed to the glossary window.

    Note: The glossary will open on the first term that begins with the same letter as the word you clicked on. Scroll down to locate the specific term you are seeking.


    Back to Top
  • Welcome to Credit Card Transaction Guide

    This guide material is for campus personnel who will have access to credit card information either when:

    • processing a credit card transaction or
    • reviewing reports containing personal credit card information

    The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements developed by credit card companies to ensure consistent security measures for sensitive credit card holder data. All UCSC merchants, i.e. units and departments that accept credit card payments, must comply with PCI DSS requirements. Those standards require completion of this training on data security standards (DSS) by each individual prior to his/her involvement with a credit card transaction or review of a report containing credit card data.

    The information in this guide was current as of its publishing date of September 2008. However, card acceptance, processing and chargeback procedures are subject to change due to the ever changing demands of the Payment Card Industry. This guide contains information based on the current University of California Santa Cruz (UCSC) Procedure and Payment Card Industry (PCI) Security Standards. If there are any technical differences between the PCI Operating Regulations and this guide, the PCI Operating Regulations will prevail. The merchant agreement and the PCI Operating Regulations take precedence over this guide or any updates to its information.

    Some segments of this guide have been adapted from the Rules for Visa Merchants — Card Acceptance and Chargeback Management Guidelines © 2005 Visa U.S.A. Inc.


    Back to Top
  • Overview PCI-DSS and About the Program

    Almost daily, thefts of identities and personal information are reported in the news. When our customers offer their bankcard at the point of sale, over the internet, on the phone, or through the mail, they need assurance that their account information is safe. In response to this need, the Payment Card Industry Data Security Standards (PCI-DSS) were developed and adopted here at UCSC. Since June 2001, PCI has served to ensure that industry members, merchants, and service providers maintain the highest information security standards.

    WHAT
    PCI-DSS is a critical component for minimizing risk and maximizing protection. Mandated since June 2001, this robust program is intended to protect cardholder data—wherever it resides.

    WHO
    UCSC Merchants must be PCI-DSS compliant and are responsible for ensuring their compliance. The program applies to all payment channels, including: in person, mail/telephone order, and e-commerce.

    HOW
    To achieve PCI compliance, UCSC Merchants and service providers must adhere to the Payment Card Industry Data Security Standards (PCI-DSS), which offer a single approach to safeguarding sensitive data for all card brands. PCI-DSS compliance validation identifies and corrects vulnerabilities by ensuring appropriate levels of cardholder data security are maintained.

    WHY
    By complying with PCI-DSS requirements, UCSC Merchants and service providers not only meet their obligations to the Payment Card Industry, but also build a culture of security that benefits all parties.


    Back to Top
  • The Importance of Training, the Benefits and who it Applies to

    Above all else, this training serves to provide you with the knowledge and skills necessary to ensure credit card security. It is important to recognize that everyone, not just the credit card companies, benefits from the effective application of credit card security measures:

    Your customers

    • Appreciate your ability to reduce the threat of identity theft
    • Trust you to complete transactions without creating duplicate or invalid charges
    • Enjoy peace of mind, knowing that their credit card information is in good hands

    The university

    • Takes pride in a skilled workforce
    • Values your ability to build customer confidence
    • Needs your help in limiting potential losses, fines & penalties

    ... and you!

    • Will have confidence in your ability to safely and efficiently do your job
    • Will recognize and evaluate key security features on valid cards
    • Will be alert to the warning signs of fraud
    • Will know that you can make informed decisions under pressure

    Throughout the next few sections, you will learn about your role in retail fraud prevention and the appropriate steps to take if you feel that your unit's credit card security has been compromised. It is critical that you read, retain and refer to this information, as needed, so that your customers and the University are served as safely and efficiently as possible. Each section covers a unique and important part of credit card safety. This training is comprised of the following sections:

    • UCSC Procedures outline the general rules and guidelines instituted by UCSC for accepting credit cards and implementing the credit card process.
    • Payment Card Industry (PCI) Data Security Standard (DSS) discusses credit card acceptance, security, and Cardholder Information Security Program (CISP) certification policies required by PCI_DSS.
    • Card-Present Fraud Prevention explores credit card security features and other prevention tactics for Card-Present(in-store) transactions.
    • Card-Not-Present Fraud Prevention explores credit card security features and other prevention tactics for Card-Not-Present (mail, phone & online) transactions.
    • What to do if Security is Compromised explains the steps for reporting a questionable card or customer, while ensuring your personal safety and the safety of other customers and co-workers.

    This training is applicable to all campus personnel who have access to credit card information, either as a processor of credit card transactions or as a reviewer of reports that contain identifying credit card data. Throughout this training, the term “UCSC Employee” is expanded to include anyone who has access to credit card information working in any capacity for the University including:

    • Staff
    • Students
    • Faculty
    • Administrators
    • Temporary employees
    • Volunteers

    Note: The term "merchant" refers to any campus unit or department which accepts credit cards for payment - either in person or via other means, e.g. via the web.


    Back to Top
  • Overview and Accepted Forms of Payment

    Throughout this training you will learn about the credit card acceptance and security guidelines instituted by UCSC.

    Accepted forms of electronic payment

    UCSC Merchants accept the following four major credit cards:

    • Visa
    • MasterCard
    • Discover
    • American Express
    Credit Cards Accepted

    This training focuses on the security features and policies implemented by the Payment Card Industry (PCI) Data Security Standard (DSS).

    The PCI Procedures have been divided into sections by topic. It is critical that you read this information carefully and ask your supervisor for assistance if you require further information or clarification regarding your responsibilities.


    Back to Top
  • Accountability, Applicability and Employee Commitment

    The procedures covered in this training material apply to all individuals who have access to credit card information, in any form, at a University of California Santa Cruz "merchant" location. A merchant is any UCSC unit which accepts credit cards. As stated, if you have access to credit card information as part of your job responsibilities at UCSC, you are accountable for maintaining the security of that information.

    It is the responsibility of all university employees and third parties having access to cardholder data to protect that information at all times as a sacred trust. Cardholder information is to be disclosed only when there is a required business purpose.

    All UCSC merchants, employees, and third parties with access to credit card information are responsible for safeguarding the information and associated cardholder data that is in their care. Credit card and cardholder data can only be shared with others when it is done as part of normal business procedures, such as processing payments or giving transaction receipts to a supervisor at the end of a shift.

    When a university employee (or volunteer) suspects the loss or theft of any materials containing cardholder data, it is vitally important to immediately notify the supervisor and the Campus Police Department. Local police should also be contacted if the theft occurred off campus.

    Designated staff in each department will implement the procedures for security breaches that are available on the PCI Website.

    If you ever believe that there may have been a breach in the security of credit card information, regardless of whether or not you are directly involved, alert your supervisor immediately as well as Information Technology Services (ITS) at 459-HELP or help@ucsc.edu. ITS will assess the breach and contact both the UCSC Police Department and the University Controller’s Office as needed.

    Examples of lost or stolen materials containing cardholder data include, but are not limited to:

    • A credit card
    • Daily credit card terminal tapes
    • Computer files containing cardholder data

    Later in this training we will define the exact steps to take if you feel that security has been compromised.


    Back to Top
  • Employee and Volunteer Requirements/Procedures

    UCSC requires a number of standards to protect credit card information held and/or used at the University. Responsibilities and requirements for the employees/volunteers and units are listed below.

    Each full or part time employee, student employee, temporary employee or volunteer with access to more than one credit card account at a time must submit to a background check. Cashiers handling one credit card at a time are excluded from this requirement unless they also process other types of cash transactions totaling $750 or more per week.

    Each employee or volunteer must sign the Annual PCI Certification, stating that he/she has read and understands all of the PCI requirements. It is the unit supervisor's responsibility to maintain a file of these forms and to ensure each employee signs a new form annually.

    Best Practices
    • The supervisor must ensure that each employee:
      • has proper authorization prior to allowing them access to restricted data, and
      • understands that they are never to share or discuss restricted data with an unauthorized individual.
    • Always store the minimum amount of restricted data necessary for completing job functions.
    • Use unique passwords that can’t easily be guessed, and protect those passwords from being compromised.
      • Good, unique passwords use a mixture of upper and lower case letters, numbers, and symbols; are at least 8 characters in length; are easy to remember and difficult to guess.
      • Do not share passwords or private account information with anyone.
      • Use different passwords for accounts that provide access to restricted data than for your less-sensitive accounts.
    • Always physically secure files, and equipment before leaving the work area, i.e. do not leave credit card information unattended.
      • Check doors, drawers, and windows.
      • Lock up any sensitive materials.
      • Never share lock codes, access cards, keys, etc.
      • Question people in the work area whom you don't recognize.
      • Outside of normal business hours, don't hold doors open for unknown people.
    • Secure laptop computers at all times: laptops must be with their assigned employee or locked up if the employee steps away.
      • At all times: in the office, at meetings, conferences, coffee shops, etc.
      • Make sure any laptop is locked to or in something permanent!
    • Make sure the computer is protected with the most recent anti-virus software and that all necessary security "patches" and updates are current.
    • Don't keep sensitive information or your only copy of critical data on portable devices (laptops, CDs/floppies, memory sticks, PDAs, phones, etc.) unless they are properly protected.
      • These items are extra vulnerable to theft or loss.
    • Do not install unknown or unsolicited programs on computers.
      • For example, programs found out about through email.
      • These can harbor behind-the-scenes computer viruses or open a "back door" giving others access to your computer without your knowledge.
      • Ask the ITS Support Center (459-HELP) if you're not sure.
    • Make backup copies of data you are not willing to lose and store the copies very securely
    • Be safe on the internet. Do not provide personal or sensitive information (including passwords) to internet sites, surveys, or forms unless you are using a trusted, secure web page.
      • Look for "https" in the URL and the little locked padlock that appears in the corner of most browser windows to indicate that there is a secure connection.
      • Don't click on unsolicited web links, including in email or pop-ups. Just opening a malicious web page can infect a poorly protected computer, so be aware of where you are going before clicking on a web link.
      • Instead of clicking on an unsolicited web link, look up web pages you are interested in on your own and go there directly using a search engine.
    • Practice safe emailing.
      • Do not open email attachments or click on website addresses in emails unless you really know what you are opening.
      • Delete spam and suspicious emails; don't open, forward or reply to them.
      • Email that contains restricted data must be treated with care and should not be preserved any longer than absolutely necessary.
      • Make sure your email client (Thunderbird, Eudora, Outlook, etc.) is configured for secure authentication and secure sending and receiving of email. More information on this topic is available at the ITS Security Wbsite.
      • Configure your email client to delete attachments when emptying the 'Trash'. Most email programs have this choice in the preferences, settings or options.
      • Contact the ITS Support Center at 459-HELP with email questions or problems.
    • Ensure your computer requires a password to boot up or wake-up.
    • Be sure that automatic login and guest accounts are disabled on your computer.
    • Restricted data must be encrypted when it is transmitted. This includes email, remote access, and workstation/server communications.
      • If you send files or attachments containing restricted data, work with ITS to set up a way to send them securely.
    • Be sure your workstation is set up to prevent unauthorized individuals, e.g. passers-by, from viewing the information on your monitor.
    • Shut down, lock, log off, or put your computer to sleep before leaving it unattended.
      • For additional security, set up your computer to "lock," "sleep," or "auto log-off" when it is inactive.
      • To log off on a PC press <ctrl><alt><delete> simultaneously
      • To log off on an Apple go to the drop down menu under the Apple logo.

    Back to Top
  • Merchant Requirements/Procedures

    Merchant location requirements

    • Protect cardholder information so that only the last four digits of the credit card number are displayed or printed. Never send unencrypted Primary Account Numbers (PAN) by e-mail.
    • Store only credit card information that is critical to the business: name, account number, and expiration date.
    • Store only cardholder data that is encrypted or truncated.
    • Ensure that all transmissions of sensitive credit card data are encrypted.
    • Never store the three or four-digit Card Verification Value (CVV2) code in any form.
    • Do not release credit card information in any form unless there is a legitimate business purpose and then only after the request for information is reviewed and approved by the unit’s management.
    • Store and secure cardholder data in locked containers, in secured areas with limited access. Examples include electronic data, customer receipts, merchant duplicate receipts, reports, etc. Limit the amount of data stored and retention time to that which is required for business, legal, and/or regulatory purposes as documented by the department.
    • Perform an annual review of critical data storage to ensure that all security requirements are met.
    • Dispose of cardholder data according to a schedule based on business, legal and/or regulatory requirements as documented by the department. Cardholder data must be disposed of by overwriting or degaussing magnetic media; paper must be cross- shredded.
    • Provide all third party vendors with the University's credit card procedures.
    • Maintain written proof that all third party vendors are certified as PCI compliant.
    • Give any third party vendors access to credit card data only after a formal contract is signed that outlines the security requirements and requires adherence to the Payment Card Industry Security requirements.
    • Use appropriate facility entry controls to limit and monitor physical access to systems that store, process, or transmit cardholder data.
    • Have procedures to help all personnel distinguish between employees and visitors, in areas where cardholder data is accessible.
    • Destroy or completely and securely remove all restricted data from computers and electronic media (including back-ups) before disposal, re-use, or re-assignment.

    Back to Top
  • Objectives and Overview

    Completing the reading in this section will enable you to:

    • Practice the process of safe and effective Card-Present processing.
    • Identify the key security features on credit cards.
    • Locate additional security verification information.
    • Understand the importance and application of Code 10 calls.

    Some UCSC merchants process only in-store transactions in which the purchaser and the card are physically present in the campus unit/store. This type of transaction is called a 'Card Present' transaction. Other UCSC merchants may be involved in online, mail and telephone shopping options as well. Those transactions are referred to as 'Card-Not-Present' transactions which are covered later in this training material.

    If your unit will be processing both Card-Present (in-store) and Card-Not-Present (online, mail and telephone) transactions, it is important to learn the steps needed to prevent fraud in both situations.

    In this section you will learn about the key steps applicable to preventing retail fraud when processing Card-Present transactions. It is critical that you take the time to read, retain, and put these techniques into action, so that your in-store customers receive the best possible service and security.


    Back to Top
  • What to Look for on all Cards (using Visa as an Example)

    Note: Always keep payment cards in your possession during transaction processing. Holding onto the card gives you time to check card features and security elements and to compare the cardholder signature on the card with the signature on the transaction receipt.

    Visa

    Compare the printed and embossed numbers.

    A four-digit number is printed below the first four digits of the embossed account number on all valid Visa and MasterCards. These numbers should be identical. If the numbers are not identical or the printed number is missing, the card is not valid and should not be accepted.

    Look closely at the embossed account number for any signs that the card has been flattened and re-embossed. On valid cards, the numbers will be crisp and even; on altered cards, they may have fuzzy edges, or you may be able to see “ghost images” of the original numbers. The last grouping of numbers is embossed into the hologram. Pay special attention to that area, where ghost images are easiest to spot.

    Make sure the date of the transaction is no later than the date on the card. If the transaction date is after the “Good Thru date", the card has expired. In such instances, an authorization request can be called in to your authorization center, or you can ask the customer for a card that is currently valid.

    Note:

    • Always request an authorization on an expired card.
    • If the Issuer approves the transaction, proceed with the sale.
    • Never accept a transaction that has been declined.

    Each credit card company has their own unique character embossed on the front of their cards. Visa cards display a stylized embossed “V” located to the right of the “Good Thru” date on all valid Visa cards. If this character is missing or is not a “flying V”, the card should not be accepted. Master Cards issued before June 1, 2006 have a scripted “MC” in this area, and Discover Cards have a stylized “D” in between the “Member Since” and “Valid Thru” dates.

    Note: MasterCards issued after June 1, 2006 will not have the “MC” Security Character. Cards issued before June 1, 2006 will continue to be valid until their expiration date or June 2010, which ever comes first.

    Visa, MasterCard, and Discover all employ a holographic security design on their cards. The key for all holograms is that they should reflect light, appear three-dimensional, and the image in the hologram should appear to move or shift when the card is tilted back and forth. If the image looks flat or doesn’t move, the card may be counterfeit.

    On Visa cards, a dove should appear in the hologram and it should seem to “fly” when the card is tilted back and forth. MasterCards have interlocking globes showing the continents with the word “MasterCard” in the background. The Discover card hologram shows a celestial sphere made of interlocking rings and an arrow pointer. The word “DISCOVER” appears in very small letters on the shaft of this arrow. The background of the image consists of a repetitive wave pattern with stars scattered throughout.

    Note: On MasterCards, the hologram may appear on the back of the card.

    The signature panel is similar for all card types. It should be white with the brand name of the card written repeatedly at an angle across the length of the panel. For example, Visa card signature panels display the word “VISA” reprinted in a diagonal pattern in blue, or blue and gold. On MasterCards, the word “MasterCard” is repeated at an angle in red, yellow, and blue, while “Discover Network” appears diagonally on the signature panel of Discover Cards.

    In addition, the words “Authorized Signature” and “Not Valid Unless Signed” appears either above, below, or beside the signature panel of most credit cards.

    If someone has tried to erase the signature panel, you may see the word “VOID” where the brand name should be displayed. Other signs of tampering include white tape or correction fluid, or “ghost images,” indicating that a criminal has written over or altered the original signature. An altered signature panel means the card is invalid.

    On the back of the card, the account number, followed by a three- or four-digit code, may be printed on the signature panel in inverse italics (leaning left). The 3- or 4-digit code is a security and validation code, also referred to as the Card Verification Value2 (CVV2). The CVV2 is used primarily in Card-Not-Present transactions to verify that the customer is in possession of a valid credit or debit card at the time of the sale.

    If any card security features are missing or look altered, notify your supervisor so that they can decide whether or not it will be necessary to place a Code 10 call to your authorization center.


    Back to Top
  • Transactions Overview

    Card Present transactions are those in which both the card and cardholder are present at the point of sale.

    UCSC Merchants are required to take all reasonable steps to assure that the card, cardholder, and transaction are legitimate. Proper card acceptance begins and ends with sales staff and is critical to customer satisfaction and profitability.

    Doing it right at the point of sale

    Whether you are experienced or new to the job, following these few basic card acceptance procedures will help you to do it right, the first time and every time. The illustration below provides an overview of the card acceptance steps that are to be followed at the point of sale. Each step is explained in greater detail in this section.

    Accepted

    Back to Top
  • Card Transaction Procedures

    On the back of every credit and debit card, is a magnetic stripe. The stripe contains the cardholder name, card account number, and expiration date, as well as special security information designed to help detect counterfeit cards. When the stripe is swiped through the terminal, this information is electronically read and relayed to the card issuer, who then uses it as crucial input for the authorization decision.
    Note:

    • Swipe the card to request transaction authorization.
    • Hold the card throughout the entire transaction.

    Most Point of Sale terminals (POS) also allow merchants to verify that the account number embossed on the front of the card is the same as the account number encoded on the card’s magnetic stripe. How you check the numbers depends on your POS terminal. In some cases, the magnetic stripe number is displayed on the terminal or printed on the sales receipt. In others, the terminal may be programmed to check the numbers electronically. In such instances, you may be prompted to enter the last four digits of the embossed account number, which will then be matched against the last four digits of the account number on the magnetic stripe.

    Only the last four digits of the account or credit card number should be printed on a transaction receipt. If the numbers don’t match, you will receive a “No Match” message. In such instances, discreetly notify your supervisor who will decide whether or not it is necessary to make a Code 10 call

    In some instances, when a card is swiped, the terminal will not be able to read the magnetic stripe or perform an authorization. When this occurs, it usually results from one of three causes:

    • The terminal’s magnetic-stripe reader is dirty or out-of-order.
    • The card is not being swiped through the reader correctly.
    • The magnetic stripe on the card has been damaged or demagnetized.

    Note: Damage to the card may happen accidentally, but it may also be a sign that the card is counterfeit or has been altered.

    • Check the terminal to make sure that it is working properly and ensure that you are swiping the card correctly.
    • If the terminal is okay, take a look at the card’s security features to make sure the card is not counterfeit or has not been altered in any way (See: Card Features and Security Elements).
    • If the problem appears to be with the magnetic stripe, follow store procedures. You may be allowed to use the terminal’s manual override feature to key-enter transaction data for authorization, or you may need to make a call to your voice-authorization center.

    Key-entered transactions are fully acceptable, but they are associated with higher fraud chargeback rates. In addition, when transactions are key-entered, the benefits associated with special security features—such as the expiration date and Card Verification Value 2 (CVV2)—are not available.


    Back to Top
  • Authorization Responses and Approval

    The authorization process allows the card issuer to approve or decline a transaction. In most cases, authorizations are processed electronically in a matter of moments. However, to protect against fraud, the card issuer may request additional information about the transaction. If done properly, authorizing a transaction is quick and easy, and protects merchants against fraud and chargebacks.

    Authorization should be seen as an indication that account funds are available and the card has not been reported as lost or stolen. It is not proof that the true cardholder or a valid credit card is involved in a transaction.

    During the authorization process, you should receive one of the responses listed in the following table, or one that is similarly worded.

    Response Meaning
    Approved Card issuer approves the transaction. This is the most common response—about 95% of all authorization requests are approved.
    Declined or Card Not Accepted Card issuer does not approve the transaction. The transaction should not be completed. Return the card and instruct the cardholder to call the card issuer for more information on the status of the account.
    Call, Call Center, or Referrals Card issuer needs more information before approving the sale. Most of these transactions are approved, but you should call your authorization center and follow whatever instructions you are given. In most cases, an authorization agent will ask to speak directly with the cardholder or will instruct you to check the cardholder’s identification.
    (See: Signature unsigned cards for acceptable forms of ID.
    Pick-Up This response indicates that the card issuer would like the card to be confiscated from the customer. However, UCSC Employees should not attempt to pick up credit cards, even when the card issuer requests this action, as this could potentially cause confrontation and safety issues.
    No Match The embossed account number on the front of the card does not match the account number encoded on the magnetic stripe. Swipe the card again and re-key the last four digits at the prompt. If a “No Match” response appears again, it means the card is counterfeit. Discreetly notify your supervisor that it is necessary to make a Code 10 call.

    When a transaction is approved, the Point of Sale (POS) terminal automatically prints a sales receipt. When a negative or alert message is received, the response is displayed on the POS terminal, and no sales receipt is printed. Whatever the message, continue to treat the customer courteously so as not to arouse alarm or suspicion.


    Back to Top
  • Signature and Identification

    The final step in the card acceptance process is to ensure that the customer signs the sales receipt and to compare that signature with the signature on the back of the card. When signing the receipt, the customer should be within your full view, and you should check the two signatures closely for any obvious inconsistencies in spelling or handwriting.

    While checking the signature, you should also compare the name, account number, and signature on the card to those on the transaction receipt.

    1. Match the name and last four digits of the account number on the card to those printed on the receipt.
    2. Match the signature on the back of the card to the signature on the receipt. The first initial and spelling of the surname must match.

    Note: The embossed name and signature do not need to be the same.

    Visa

    For suspicious or non-matching signature, notify your supervisor discreetly that it is necessary to make a Code 10 call.
    Note: If the transaction is accepted with a non-matching signature and it turns out to be fraudulent, your business may be liable, even if all other procedures were followed.

    While checking card security features, also make sure that the card is signed. An unsigned card is considered invalid and should not be accepted. If a customer gives you an unsigned card, the following steps must be taken:

    1. Check the cardholder’s ID. Ask the cardholder for some form of official government identification containing their photograph, such as a driver’s license or passport. Social Security Cards are not acceptable forms of identification. The ID serial number and expiration date should be written on the sales receipt before you complete the transaction.
    2. Ask the customer to sign the card. The card should be signed within your full view, and the signature checked against the customer’s signature on the ID. A refusal to sign means the card is still invalid and cannot be accepted. Ask the customer for another signed credit card.
    3. Compare the signature on the card to the signature on the ID. If the cardholder refuses to sign the card, and you accept it, you may end up with financial liability for the transaction should the cardholder later dispute the charge.

    Note: The words “Not Valid Without Signature” appear above, below, or beside the signature panel on most credit cards.

    Some customers write “See ID” or “Ask for ID” in the signature panel, thinking that this is a deterrent against fraud or forgery; that is, if their signature is not on the card, a fraudster will not be able to forge it. In reality, criminals don’t take the time to practice signatures: they use cards as quickly as possible after a theft and prior to the accounts being blocked. They are actually counting on you not to look at the back of the card and compare signatures—they may even have access to counterfeit identification with a signature in their own handwriting.
    “See ID” or “Ask for ID” is not a valid substitute for a signature. The customer must sign the card in your presence, as stated above.

    Note: A refusal to sign means the card is still invalid and cannot be accepted. Ask the customer for another signed credit card.

    In addition to following all standard card acceptance procedures, be on the lookout for any customer behavior that appears suspicious or out of the ordinary.

    At the point of sale

    • Purchasing large amounts of merchandise with seemingly no concern for size, style, color, or price
    • Asking no questions or refusing free delivery on large items (for example, heavy appliances or televisions) or high-dollar purchases
    • Trying to distract or rush sales associates during a transaction
    • Making purchases, leaving the store, and then returning to make more purchases
    • Making purchases either right after the store opens or just before it closes

    Of course, peculiar behavior should not be taken as automatic proof of criminal activity. Use common sense and appropriate caution when evaluating any customer behavior or other irregular situation that may occur during a transaction. You know what kind of behavior is normal for your particular place of business.

    If you feel really uncomfortable or suspicious about a cardholder or transaction, notify your supervisor discreetly that it is necessary to make a Code 10 call. In any situation where making the call with the customer present feels inappropriate or unsafe, complete the transaction, return the card, and make the call immediately after the customer leaves.
    See: Code 10 Calls for additional information.


    Back to Top
  • Minimize Key Entered Transactions

    The best practices listed in this section will help keep key-entered transactions at acceptably low levels and should be incorporated into your daily operations, staff training and review sessions.

    If your key-entered rates are greater than one percent per terminal or sales associate, investigate the situation and try to find out why. The following chart summarizes the most common reasons for high key-entry rates and provides possible solutions.

    Key-Entry Cause Solution
    Damaged Magnetic-Stripe Check magnetic-stripe readers regularly to make sure they are working.
    Dirty Magnetic-Stripe Clean magnetic-stripe reader heads several times a year to ensure continued good use.
    Magnetic-Stripe Reader Obstructions Remove obstructions near the magnetic-stripe reader. Electric cords or other equipment could prevent a card from being swiped straight through the reader in one easy movement.
    Spilled Food or Drink Do not place any food or beverages near the magnetic stripe reader. Falling crumbs or an unexpected spill could soil or damage the machines.
    Anti-Theft Devices that Damage Magnetic Stripes Keep magnetic anti-theft deactivation devices away from any counter area where customers might place their cards. These devices can erase a card's magnetic stripe.
    Improper Card Swiping Swipe the card once in one direction, using a quick, smooth motion. Never swipe a card back and forth. Never swipe a card at an angle; this may cause a faulty reading.

    Back to Top
  • Code 10 Calls

    Code 10 calls allow UCSC merchants to alert card issuers of suspicious activity and to take appropriate action when instructed to do so. You or your supervisor should make a Code 10 call to your voice authorization center whenever you are suspicious about a card, cardholder, or a transaction. The term “Code 10” is used so the call can be made at any time during a transaction without arousing a customer’s suspicions.

    To make a Code 10 call, you or your supervisor will call the credit card company’s voice authorization center, and say, “I have a Code 10 authorization request.”

    It is important to note that Code 10 calls can be time consuming. The call may first be routed to a representation of your merchant bank who may need to ask you for some merchant or transaction details. You will then be transferred to the card issuer and connected to a special operator who will ask you a series of questions that can be answered with a simple yes or no.

    • When connected to the special operator, answer all questions calmly and in a normal tone of voice. Your answers will be used to determine whether the card is valid.
    • Follow all operator instructions.
    • If the operator tells you to pick up the card, do so only if recovery is possible by reasonable and peaceful means. UCSC employees are not obligated or expected to confiscate credit cards.

    Sometimes you may not feel comfortable making a Code 10 call while the cardholder is at the point of sale, or you may become suspicious of a cardholder who has already left the store even if the transaction was not completed.

    It is important to know that Code 10 calls can be made even after a cardholder leaves the store. A Code 10 alert at that time may help stop fraudulent card use at another location, or perhaps during a future transaction at your store.

    Be prepared to provide as much customer information as you can - e.g. name on card, type of card (e.g. MasterCard) and card number.


    Back to Top
  • Objectives and Overview

    Completing the reading in this section will enable you to:

    • Safely and effectively process card-not-present transactions, including international and internet transactions.
    • Identify and successfully react to suspicious transactions.

    Every day, the number of purchases conducted via mail, telephone, and internet increases. These transactions are significantly different from traditional in-store sales, in that neither the customer nor the credit card are present at the merchant location during the transaction, making it especially difficult to detect fraud.

    Of necessity, card acceptance procedures for these “card-not-present” transactions are different from in-store, i.e. "card present" purchases. UCSC employees who conduct card-not-present transactions must exercise extreme caution and follow procedures precisely in order to verify — to the greatest extent possible — the cardholder’s identity and the validity of the purchase.

    Many credit card processors require card-not-present merchants to ask customers for their Card Verification Value 2 (CVV2) number as an additional security measure. See: Security Rules for additional information on CVV2 requirements.

    This section covers basic card acceptance procedures for mail, telephone, and internet transactions. It also includes resources and best practices that all card-not-present merchants can use to prevent fraud and chargebacks.


    Back to Top
  • Merchant Web Site Requirements

    The Payment Card Industry Standards require that certain content or features be included on your Web site. The following elements are intended to promote ease of use for online shoppers and reduce cardholder disputes and potential chargebacks.

    Complete description of goods and services.
    Remember you have a global market, which increases opportunities for unintended misunderstandings or miscommunications. For example, if you sell electrical goods, be sure to state voltage requirements, which vary around the world.

    Customer service contact information.
    This includes e-mail address and phone number. Online communication may not always be the most time-efficient or user-friendly for some customers. Including a customer service telephone number as well as an e-mail address promotes customer satisfaction.

    Return, refund, and cancellation policy.
    This policy must be clearly posted on the merchant Web site.

    Delivery policy.
    UCSC Merchants set their own policies about delivery of goods, that is, if they have any geographic or other restrictions on where or under what circumstances they provide delivery. Any restrictions on delivery must be clearly stated on the web site.

    Country of origin.
    The permanent address of your establishment must be listed on the web site including the street name, number, city, state, country, and zip code.


    Back to Top
  • Best Practices for the Web

    Suggested best practices for UCSC Merchant Web sites include:

    • Encourage cardholders to retain a copy of the transaction.
    • Indicate when credit cards are charged.
    • Provide order-fulfillment information.
      • State timeframes for order processing and send an e-mail confirmation and order summary within one business day of the original order.
      • Provide up-to-date stock information if an item is back-ordered.
    • Explicitly state customer service timeframes.
      • Ideally customer service e-mails or phone calls should be answered within two business days.
    • State directly on the main Web site which security controls are used to protect customers.
      • For instance, UCSC Merchants should clearly state that UCSC is PCI compliant.

    Back to Top
  • Suspicious Behavior/Transactions

    Card-not-present merchants need to develop in-house policies and procedures for handling irregular or suspicious transactions and provide appropriate training for their sales staff. Being able to recognize suspicious orders may be particularly important for merchants involved in telephone sales, and employees should be given clear instructions on the steps to take to verify these transactions.

    Be on the lookout for any of the following signs of suspicious customer behavior/transactions:

    • Hesitation: Beware of customers who hesitate or seem uncertain when giving you personal information, such as a zip code or the spelling of a street or family name. This is often a sign that the person is using a false identity.
    • Rush orders: Urgent requests for quick or overnight delivery—the customer who “needs it yesterday”—should be another red flag for possible fraud. While often perfectly valid, rush orders are one of the common characteristics of “hit and run” fraud schemes aimed at obtaining merchandise for quick resale.
    • Random orders: Watch out also for customers who don’t seem to care if a particular item is out of stock —”You don’t have it in red? What colors do you have?”—or who order haphazardly—”I’ll take one of everything!” Again, orders of this kind may be intended for resale rather than personal use.
    • Suspicious shipping address: Scrutinize and flag any order with a ship to address that is different from the billing address on the cardholder’s account.
    • Requests to ship merchandise to post office boxes or an office address are often associated with fraud.
    • If you experience fraud on sales that are shipped, consider creating a list of those zip codes to identify possible areas where high fraud rates are common. Verify any order that has a ship-to address in these areas.
    • If your business does not typically service foreign customers, use caution when shipping to addresses outside the United States, particularly if you are dealing with a new customer or a very large order.
    • When examining what appears to be an unusual order, keep in mind that if the sale sounds too good to be true, it probably is.

    Back to Top
  • Fraud Prevention

    Authorization is required on all electronic payment transactions. Authorization should occur before any merchandise is shipped or service performed. The following process is critical for fraud prevention during card-not-present transactions.

    Whenever possible, card-not-present merchants should ask customers for their card expiration, or Good Thru date and include it in their authorization requests.

    Including the date helps to verify that the card and transaction are legitimate. A mail order, telephone order, or internet order containing an invalid or missing expiration date may indicate counterfeit or other unauthorized use.

    Asking for the Card Verification Value 2 (CVV2) helps to ensure the validity of the card being used and the fact that the buyer has the credit card in hand.


    Back to Top
  • Objectives

    Completing the reading in this section will enable you to:

    • Understand the 12 Payment Card Industry Data Security Standards (PCI-DSS)
    • Understand the rules and requirements of PCI
    • Know your responsibilities as a UCSC Merchant and UCSC employee handling credit card information
    • Identify the penalties for PCI non-compliance

    Back to Top
  • Security Standards

    The Payment Card Industry (PCI) Data Security Standards (DSS) Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for credit card data protection. The PCI Security Standards Council’s mission is to enhance credit card data security by fostering broad adoption of the PCI Security Standards.

    The 12 PCI Security Standards

    Build and maintain a secure network

    • Install and maintain a firewall configuration to protect data
    • Do not use vendor-supplied defaults for system passwords and other security parameters

    Protect cardholder data

    • Protect stored cardholder data
    • Encrypt transmission of cardholder data across open, public networks

    Maintain a vulnerability management program

    • Use and regularly update anti-virus software
    • Develop and maintain secure systems and applications

    Implement strong access control measures

    • Restrict access to cardholder data by business need-to-know
    • Assign a unique ID to each person with computer access
    • Restrict physical access to cardholder data

    Regularly monitor and test networks

    • Track and monitor all access to network resources and cardholder data
    • Regularly test security systems and processes

    Maintain an information security policy

    • Maintain a policy that addresses information security

    If you ever feel unsure about the legitimacy of a card or the intentions of a customer, trust your instincts. No one is harmed by a false alarm – but if you ignore the warning signs of fraud, it could cost you, your store, and your customers a lot of time and money. If a sale seems too good to be true, it probably is. We hear all too often that what a merchant thought to be a great sale, turned out to be fraud. So take the time to check out that huge order from a customer with whom you’ve never done business. That little bit of extra work may well prevent you from being the victim of a fraud scheme.


    Back to Top
  • Security Breach

    This section covers the steps to take if you feel that your store’s security has been compromised. Read these steps carefully, so that you are prepared to implement them in the case of a security emergency.

    If you experience a suspected or confirmed security breach:

    • Immediately contain and limit the exposure. Physically disconnect the computer or device from the network and turn off any wireless connections.
    • To prevent any further loss of data, conduct a thorough investigation as soon as possible. Investigations must be conducted within 24 hours of the compromise.
    • If you suspect a compromise of data:
      • Have your Supervisor contact ITS at help@ucsc.edu with:
        • your contact information including name, phone number and e-mail address and
        • a brief description of the security breach or issue/problem.
    • ITS will determine the extent of the breach and notify the Police Department and the University Controller's Office to take the appropriate action.
    • Do not access or alter compromised systems. Do not log onto the machine or change passwords.
    • Preserve logs and electronic evidence. Log all actions taken.
    • Be on HIGH alert and monitor all credit card systems.

    In the event of a security breach, ITS will contact the University Controller's Office to discuss the compromise situation and review the actions required to demonstrate the ability to prevent future loss or theft of transaction information.

    Merchant banks may be subject to fines of up to $500,000 per incident if a security breach is caused by a merchant or service provider who is not PCI compliant. Merchant banks will not be fined if the compromised merchant or service provider is PCI compliant at the time of the security breach.


    Back to Top
  • UCSC Merchant Preparedness

    Each UCSC Merchant location should maintain written procedures on the processing of credit card, debit card, and electronic payments. Those procedures need to include specific instructions on how and when to conduct Code 10 calls, and how to respond to a security breach. Written procedures should be made available to all employees.


    Back to Top
  • Security Rules

    1. All UCSC Merchants and employees must follow basic card acceptance rules for all electronic transactions. Careful and consistent adherence to the UCSC rules outlined in this section will help enhance customer satisfaction and increase your unit’s profitability. If you have any questions about any of the UCSC rules presented here, ask your supervisor for assistance.
    2. Always honor valid credit cards, regardless of the dollar amount of the purchase. Imposing minimum or maximum purchase amounts is a violation of our Merchant agreement.
    3. Always treat electronic transactions like any other transaction; that is, you may not impose any surcharge on over the counter credit card transactions. You may, however, offer a discount for cash transactions, provided that the offer is clearly disclosed to customers and the cash price is presented as a discount from the standard price charged for all other forms of payment.
    4. Include any required taxes in the total transaction amount. Do not collect taxes separately in cash.
    5. Deposit forms are due to the Main Cashier’s Office on a weekly basis. Your credit card terminal is to be cleared out on a nightly basis.
    6. Merchants should also be aware of the following data security requirements:
      • Magnetic-stripe data. Do not store magnetic-stripe data after receiving authorization. After a transaction is authorized, the full contents of track data, which is read from the magnetic stripe, must not be retained on any system. The account number, expiration date, and name are the only elements of track data that may be retained when held in a CISP compliant manner.
      • Avoid security code storage. The Security Code, also known as the Card Verification Value 2 (CVV2), is the 3- or 4-digit value that is printed on the back of most credit cards. The one exception is American Express who prints the CVV2 on the front of the card, above and to the right of the embossed account number. The CVV2 number must never be retained or stored after a transaction. If the CVV2 number is recorded on a form when collected by phone, that data must be destroyed once the transaction is completed. All UCSC Merchants and employees are prohibited from storing security code data. When asking a cardholder for their security code, merchants must not document this information on any kind of paper order form or store it in any database.
    7. Keep cardholder account numbers and personal information confidential. Cardholders expect you to safeguard any personal or financial information they may give you in the course of a transaction. Keeping that trust is essential to fraud reduction and good customer service. Cardholder account numbers and other personal information should be released only to your merchant bank or processor, or as specifically required by law.

    Back to Top
  • Security Penalties

    The Payment Card Industry has established fines of up to $500,000 per incident for security breaches when merchants are not PCI compliant.

    In addition, it is required that all individuals whose information is believed to have been compromised must be notified in writing to be on alert for fraudulent charges. As such, the potential cost of a security breach can far exceed $500,000 when the cost of customer notification and recovery is calculated.


    Back to Top
  • Potential Cost of a Security Breach

    • Fines of $500,000 per incident for being PCI non-compliant
    • Increased audit requirements
    • Potential for campus wide shut down of credit card activity by our merchant bank
    • Cost of printing and postage for customer notification mailing
    • Cost of staff time (payroll) during security recovery
    • Cost of lost business during register or store closures and processing time
    • Decreased sales due to marred public image and loss of customer confidence

    Back to Top
  • Glossary

    Back to Top
  • Cash Controls, Cash Funds and Petty Cash Policy References

    UC Accounting Manual Section C-173 Cash – Cash Controls

    UC Accounting Manual Section C-173-14 Campus Cash Collection Deposits

    UC Business and Finance Bulletin BUS-49 - Policy for Handling Cash and Cash Equivalents Received

    UC Accounting Manual Section C-173-61 Petty Cash Disbursements


    Back to Top
  • Where to get Help

    Assistance with your cash handling questions can be directed to Emerson Murray, Campus Cash Control Coordinator, Campus Cashier’s Office. Assistance with your cash-related accounting questions can be directed to the Financial Accounting and Reporting Office.

    Assistance is available for your change fund and petty cash related questions from the Accounting Office - Financial Accounting and Reporting Office.


    Back to Top
  • Cash Handling Contacts

    Cash Handling Contacts

    Murray, Emerson
    emersonm@ucsc.edu
    (831) 459-3073     		Receivables and Cash Handling Coordinator

    Fund/Petty Cash Fund Contacts

    Jarvis, Rob
    rsjarvis@ucsc.edu
    (831) 459-5294     		General Accountant
    Moran, Ed
    efmoran@ucsc.edu
    (831) 459-1926     		General Accounting Manager

    Back to Top
  • Introduction Cashier Training

    Cash handling training is required for all UC Cashiers and Cash Handlers on an annual basis. This training and quiz meet that requirement. Each year, cash handlers at UCSC collect and process over $100 million. All of this cash is used to help the campus fulfill its teaching, research and public service mission.

    Because of this, it is critical that cash be handled, secured, and processed properly at all times. As has been demonstrated repeatedly over the years, any instance of mishandling cash can be very damaging to the reputation and credibility of the University.

    This Basic Cash Handling self-paced training guide is intended to provide you with the information you need to know to properly handle, secure, and process University cash.

    As our campus continues to grow, there will, most likely, be an increasing level of cashiering activities, resulting in a corresponding increase in the likelihood of an associated risk occurring.

    Financial Affairs has taken a proactive role by providing education and this on-line training to all cashiers and cash handlers to strengthen controls and reduce the risks.

    You must answer 80% of the Training Quiz questions correctly in order to pass. If you would like an actual certificate emailed to you, please email Campus Controls and Compliance Manager Ivan Ditmars at iditmars@ucsc.edu

    Contents of This Training

    1. What is Cash?
    2. Responsibility
    3. Starting Your Day
    4. Cashier Identification
    5. Receipts
    6. Handling Cash
    7. Counterfeit Notes
    8. Checks, Traveller's Checks, and Money Orders
    9. Credit and Debit Cards
    10. Separation of Duties and Dual Custody

    As you can see there is a lot to get done. Let's get started.


    Back to Top
  • Overview

    Welcome

    As the scale shows, we believe that an ounce of prevention is more important than a pound of cure. This basic cash control information has been divided into eight topic areas to expedite your review and completion of the training material in multiple short sessions if that is your preference.

    Welcome

    In addition, campus resources are listed to answer any questions you may have now or in the future related to cash handling. Completion of the entire training material will take approximately 30-60 minutes.


    • Practice exercises are included in some lessons.
    • The optional exercises are for you to practice applying the information that was just presented. These are not tests and will not be scored or seen by anybody other than you, so don't worry about guessing. To view the exercise(s) click the golden "Take the exercises" button located near the bottom of some topic segments.
    • There are two ways to navigate between topics
      • click on the topic in the navigation bar on the left side of each page.
      • or move forward to the next topic by clicking the "On to ___" image at the bottom of each page.
    • Glossary words are highlighted in blue text. Simply click on the highlighted word to be directed to the glossary window.
      Note: the glossary will open on the first term that begins with the same letter as the word you clicked on. Scroll down to locate the specific term you are seeking.
    • When you are ready to begin, click "On to Goals" below or select a topic from the left navigation bar on this page.

    The foundation for this class is UC Business and Finance Bulletin BUS-49, Cashiering Responsibilities and Guidelines. If you are seeking training on the Payment Card Industry Data Security Standard (PCI-DSS) click here.

    Training Goals

    • Our training goal is to increase every cash handler's knowledge and understanding of the associated risks and controls so that each of you (the cash handlers) are protected and kept above suspicion.
    • What you should get out of this training:
      • An understanding of the UCSC cash handling process
      • An understanding of the key controls in the UCSC cash handling process
    • What the training will cover:
      • The various forms of Cash payments
      • A review of the three types of Cash Handlers as defined by BUS-49
      • A review of BUS-49 policy areas, and cash handling activities
      • General guidelines for Petty Cash and Change Fund custodians
      • Principles of good cash handling and their application in daily cashiering activities
      • A listing of UCSC resources available to assist in the review and evaluation of risks in cash handling activities

    Back to Top
  • Background

    Money Makes the world go 'Round'

    If instruction, research and public service are the engine that make UCSC go, cash is the fuel that makes the engine run.

    Each year, cash handlers at UCSC collect and process over $100 million. All of this cash is used to help the campus fulfill its teaching, research and public service mission. Because of this, it is critical that cash be handled, secured, and processed properly at all times. As has been demonstrated repeatedly over the years, any instance of mishandling cash can be very damaging to the reputation and credibility of the University. This Cash Control Training is intended to provide you with the information you need to know to properly handle, secure, and process University cash receipts.

    Welcome

    As our campus continues to grow, there will, most likely, be an increasing level of cashiering activities, resulting in a corresponding increase in the likelihood of an associated risk occurring.

    Financial Affairs has taken a proactive role by providing education and this on-line training to all cashiers and cash handlers to strengthen controls and reduce the risks.

    A Bit of History

    Handling cash is a very sensitive activity at UCSC - and at any organization. Most of UCSC's funding is either public money (state and federal funds) or donor contributions, making any loss very sensitive. Everyone needs cash, and some people will do anything to get it. Thefts of cash, at each of the UC campuses (except Merced, the newest campus) and even at the Office of the President (UCOP) have made headlines. Such thefts are not unique to UC; the same problem occurs in other colleges and universities as well as all other types of businesses.

    Losses range from minimal to very significant. One of the largest losses within the UC system occurred at UCSF where the head cashier embezzled $4.7 million and used the monies to support her daughter's fledgling retail store and magazine publishing business. The events were reported in the San Francisco Chronicle, the Wall Street Journal and other major newspapers throughout the country.

    Such headlines have an effect on the public's perceptions about UC. Here are some of the entities who have a stake in the reputation of the University of California whose perceptions may be impacted by the headlines.

    • Private citizens and foundations
    • Students and potential students
    • Research organizations
    • The governor, the State legislature, and California taxpayers
    • UC employees

    When proper financial controls are in place, thefts may be prevented or discovered early when the dollars involved are minor. This significantly lessens the chance that the loss will become widely known or result in a banner newspaper headline.

    You can read more about the UCSF embezzlement in the San Francisco Chronicle archives.

    Fiduciary Responsibility

    The University placed a special trust in you when it delegated to you the task of handling University cash and checks. You now have what is called a fiduciary responsibility. This term means that you are now acting in the University's behalf and must do so in a responsible way. And this means using good cash handling practices to:

    • Account for and deposit in a timely way all cash, checks received, and credit card recordings.
    • Protect University cash, checks and credit card recordings from loss or theft.
    • Make sure that funds/monies received are used for University purposes.

    Good cash handling and control practices are the subject of this course. The main point is that as an approved Cash Handler, you must start implementing cash control practices the moment you receive cash until it is accounted for with proper documentation, and deposited appropriately.


    Back to Top
  • Terminology

    Several terms used in the Business and Finance Bulletin BUS-49 need to be defined to help you understand the University's cash handling policy. The basic terms fall into one of the three following categories:

    1. What is considered cash
    2. Defining Cash Handlers and Fund Custodians
    3. Cash Handling Roles

    What is Considered Cash

    When most of us think of cash (and who hasn't), we tend to think of paper money and coins. And that is certainly true.

    Money

    But Business and Finance Bulletin BUS-49, the UC policy related to cash handling, when it refers to cash, it is really talking about a much broader spectrum of financial items. The goal of this page is to clarify the various forms of payment and other items that are included in the University's definition of cash.

    In the USA, our currency is expressed in dollars and cents. Both bills and coins, in all denominations, make up our currency.
    Cash as defined in BFB BUS-49 includes all of the following:

    Cash and cash equivalents

    • Currency
    • Checks
    • Credit card recordings
    • Money orders
    • Bank notes
    • Traveler's checks
    • Cashier's checks

    Securities are items that are easily transferable or converted into currency ($$$)

    • Stamps
    • Tokens
    • Parking permits
    • Tickets - for example for entertainment, meals

    E-Commerce

    • Debit & credit ACH Transactions
    • Other forms of electronic funds transfers (EFTs)

    All of the above items are treated the same and will be referred to as cash. When you are asked how much money does your unit receive or handle, you need to include all of the above items.

    Cash Handler Positions for Policy

    Business and Finance Bulletin BUS-49, the UC policy related to cash handling, defines the following cash handling positions:

    • Cashier
    • Cash Handler
    • Departmental Cash Handler
    • Fund Custodian

    The job duties associated with each of these terms are listed in the next topic segment. Once you know the cash handling title that matches the duties you perform, you will be better able to comply with the applicable BUS-49 policy requirements. Understanding the differences in the job titles will also aid in your understanding of the University's cash handling policies.

    Defining Cash Handlers

    Cashier: A person who works in a main cashiering station. The primary function of this individual is cash handling, payment processing and preparing deposits that go directly to the bank.

    These are the two main cashiering stations at UCSC:

    • Campus Cashier's Office
    • University Extension (UNEX)

    Cash Handler: A person who frequently handles cash, processes payments and prepares deposits to a main cashiering station. A few examples of units at UCSC with this level of cash handling include:

    • Arboretum Gift Shop
    • Bay Tree Bookstore
    • Event Ticket Office
    • Ocean Discovery Shop at Long Marine
    • Office of Physical Education & Recreational Services (OPERS)
    • Transportation and Parking Services (TAPS)

    In BUS-49, a unit with this level of activity is called a sub-cashiering unit. There are approximately 50 sub-cashiering units at UCSC. In general, this type of unit operates cash handling equipment, e.g. a cash register, and routinely deposits to a main cashiering station.

    Departmental Handler: A person who infrequently handles cash or processes deposits. Examples of the types of funds that may be received and processed include gifts, donations, and telephone or photocopy reimbursements.

    In BUS-49 a unit with this level of activity is referred to as a cash handling department/unit. In general, deposits to a main cashiering station occur only occasionally for this type of unit.

    Fund Custodian: A person who has been assigned responsibility for administering either a petty cash or change fund.

    Cash Flow

    Here's a visual representation of how cash flows from cash handling units and sub-cashiering stations to the bank.

    Cash

    NOTE: UCSC cash handling equipment, including cash registers and point of sale systems, must meet minimum requirements. See BUS-49 or contact the Internal Audit or Cashier's Office for additional information.

     

    Back to Top
  • Cash Handling Roles

    There are several processes involved with cash handling. Below is a brief description of each of the Cash Handling Roles. As you look through this list, think of how you would design a process in your unit that recognizes the importance of each function in controlling the risks involved in cash handling. Following the roles, are two charts showing appropriate separation of duties in a two person and a three person office.

    Handling cash
    Individual who accepts cash payments, endorses checks and issues a receipt; this individual has access to cash.

    Preparing deposit
    Individual counting cash and preparing the Departmental / Sub-Cashier Cash Collections Deposit form or the bank deposit form; this individual has access to cash.

    Reconciling receipts to deposit
    Individual comparing amount of cash collected based upon cash register tape totals, manual receipt book total, or receipt or admission number sequences to cash deposit amount.

    Recording deposit to general ledger
    Individual approving the Departmental / Sub- Cashier Cash Collections Deposit form to ensure the individual preparing a deposit is different than the individual handling cash; this individual may not handle or have access to cash.

    Making cash deposit
    Individual making cash deposit to either a main cashiering station or departmental cash handling station; this person has access to cash.

    Comparing deposits to GL entries
    Individual comparing amount of daily cash deposit appearing in monthly general ledger with amount recorded on miscellaneous cash receipt report; this person may not handle or have access to cash.

    Cash Handling Roles Matrix
    The matrices below shows appropriate separation of duties for cash handling roles for three person and two person operations.

    Three person cash handling operation
    Role Handling cash Preparing deposit Reconciling receipts to deposit Recording deposit to GL Making cash deposit Comparing deposits to GL entries
    Individual #1 X X
    Individual #2 X
    Individual #3 X X X
    Two person cash handling operation
    Role Handling cash Preparing deposit Reconciling receipts to deposit Recording deposit to GL Making cash deposit Comparing deposits to GL entries
    Individual #1 X X X
    Individual #2 X X X

    In the next section, Critical Policy Activities, we'll cover the importance of separation of duties involving authorization, record keeping, access to cash and reconciliation functions and tie them back to these roles.


    Back to Top
  • Critical Policy Activities

    Business and Finance Bulletin BUS-49, the UC policy related to cash handling, defines the following four critical policy activities:

    These four policies are the core of what is outlined in BUS-49, therefore it is important that everyone with cash handling responsibilities understand what these are all about and how they relate to your job duties. The interrelation between these key activities is the foundation for a strong control environment that protects both the University and you, as a handler of cash.

    Here's an image of how these policies interact.

    Cash 

    1st Activity - Accountability

    Accountability requires the person to have the authority to carry out the task. An employee receives a delegation of authority to handle cash either through his/her job description that includes cash handling responsibilities. Any person who has delegated a task to someone remains accountable for ensuring the task is properly performed. Tasks can be delegated to someone only if that individual:

    • Possesses the appropriate knowledge and technical skill
    • Is actively involved in the task being performed
    Function Description
    1. Individual Accountability involves delegation of authority Knowing who has access to cash and why they have access to cash
    2. Cash Accountability involves security Knowing where an asset is at all times
    3. Process Accountability requires documentation Knowing what has occurred from the beginning to the end of the process

    Cash handlers' supervisors are accountable for ensuring that:

    • Cash handling staff are trained on what to do in the event of a campus emergency and
    • Cashiering operations are included in unit/dept. campus disaster recovery planning.

    1st Activity - Maintaining Accountability

    Have you ever seen a sign next to a cash register that states if you don't get a receipt, your purchase is free or $10 off?

    Ensuring accountability is the main reason why a business posts this type of sign. Providing a receipt to each customer means that every sale has been recorded. As part of the recording process in issuing the receipt, the individual cashier has been identified, along with the form of payment (cash, check, etc.)

    Accountability is present when:
    Funds remain secure
    Transfers are documented
    Passwords are not shared
    Keys are secured
    All transactions identified to a specific cash handler
    A receipt given to each customer
    Cash drawer for each cashier
    Safe combination not shared
    Background checks are performed

    Individual accountability for cash is to be maintained throughout all cash handling operations. This applies to all transfers of cash. The documentation involved in a transfer, must also document the type of cash (i.e. currency, checks and other forms of payment).

    The two signatures on the transfer form indicate that each person has counted and totaled the amounts of each type of cash being transferred and both parties agree that the amount(s) listed on the form is the amount(s) actually transferred.

    Whenever a handler of cash leaves the work area, however briefly, she/he is responsible for ensuring that the cash is secured by locking it in a drawer, desk, file cabinet, etc.

    2nd Activity - Separation of Duties

    Separation of duties protects you, the employee from allegations of wrong doing. Separation of incompatible duties and/or responsibilites provides assurance that one person is not able to conceal errors and/or irregularities when conducting their normal everyday duties.

    Functions that need to be separated
    The following functions are separated when a different employee performs each of these four major functions. Often these duties are performed by different levels of personnel.

    • Record Keeping - Creating and maintaining department records
      Is performed by individuals assigned the following roles:
      • Preparing deposit
      • Recording deposit to GL (performed by the main cashiering office)
    • Authorization - Review and approve transactions
      Is performed by individuals assigned the following roles:
      • Reviews and approves voids, refunds, beginning and ending receipt numbers
      • Reviews and approves deposits
    • Asset Custody - Access and/or control of physical assets (i.e. cash and checks)
      Is performed by individuals assigned the following roles:
      • Handling cash
      • Preparing deposits
      • Making cash deposits
    • Reconciliation - Assurance that transactions are properly recorded
      Is performed by individuals assigned the following roles:
      • Comparing deposits to GL entries
      • Reconciling receipts to deposits

    The duties and/or responsibilities of staff within a campus unit should be reviewed whenever processes are revised or functions are reassigned due to staff vacancies or departmental restructuring.
    If management has inadequate staff to properly separate all duties, additional procedures can be designed in the system to help reduce the risks associated with inadequate separation of incompatible functions. This is what is known as mitigating controls.

    Take the exercises (3)

    Record Keeping Duties

    Record keeping duties include all duties that result in the creation and maintenance of department records of revenue(s), expenditures and inventories. These may be paper records or records maintained in automated computer systems.
    The following are examples of record keeping functions or duties:

    • Ringing, processing, posting/validating transactions on a cash register
    • Recording sale transactions manually
    • Preparing cash receipt back-ups
    • Posting (ONLY) charges or payments to an Accounts Receivable system
      NOTE: One person should not process both charges and payments

    Incompatible Record Keeping Duties

    Record keeping duties include all duties that result in the creation and maintenance of department records of revenues, expenditures and inventories. These may be paper records or records maintained in automated computer systems.
    The following are examples of record keeping functions or duties:

    • Opening mail, endorsing checks, preparing cash transfers
      • The person performing these duties should not ring, process, post/validate transactions nor record sale transactions.
    • Maintaining inventory records
      • The person maintaining parking permit inventory records should not be responsible for point of sale transactions (i.e. selling parking permits).

    Cash

    Authorization Duties

    Authorization duties are normally performed by a supervisor, office manager, or department head and include the review and approval of transactions.
    The following are examples of authorization functions or duties:

    • Approving voids, refunds, and other correcting entries
    • Approving departmental deposits
    • Approving cash transfers
    • Approving movement of assets such as cash, event tickets, parking passes, etc.
    • Approving anything that is unusual
    • Verifying the reconciliation of cash collections to the daily cash register ('Z') tape or computer generated summary report.

    Asset Custody Duties
    The following are examples of asset custody functions or duties:

    • Access to any funds (i.e., cash)
    • Access to safes, lock boxes, file cabinets, etc. where cash or other assets are stored
    • Custodian of a petty cash or change fund
    • Access to or custody of returned checks

    Reconciliation Duties
    The following are examples of reconciliation functions or duties performed at a supervisory level or by the Accounting Office:

    • Comparing funds collected to Accounts Receivable postings
    • Comparing collections to deposits
    • Comparing surprise count of cash or other asset inventory to appropriate records
    • Comparing departmental records to revenue (sales) to the General Ledger
    • Comparing ticket inventory changes to amounts purchased and sold during special events
    • Comparing (agreeing) cash collections to cash balancing report

    3rd Activity - Physical Security
    Assurance that the safety of people and assets (specifically cash) is maintained and controlled.

    Function Description
    1. Security Monitoring Proper controls to assure safety of staff and transport of cash or other assets
    2. Physical Layout Placement, processing and storage of cash per Risk Management standards as listed in BFB BUS-49
    3. Personnel Pre-Screening Employment history verified and Fingerprint/Background check conducted
    4. Inventory Control Cash (or other asset) security and monitoring
    Physical Security is effective when:
    Assests are properly stored
    Alarm system alerts police department
    Shortages / Overages are reported
    Keys are secured
    Cash counting not visible
    Safe combinations are changed
    2nd employee present
    Background checks are performed
    Armored car or police used

    Peak Periods

    Policy related to safe and alarm requirements uses general and undefined terms such as "on a daily basis" and "regularly on hand". Many campus units have peak periods of 1 to 3 weeks duration up to 3 times per year when the amount of money they take in is substantially higher than the norm at all other times during the year. Managers need to evaluate the risk inherent in these peak periods to determine which of the physical security requirements are cost effective for their unit. One alternative is to minimize the amount of cash stored overnight by making more than one deposit per day to the main cashier's office.

    General Policy

    Alarm system requirements are applicable whenever a unit regularly has more than $2,500 in cash. See BUS-49 (Page 9) for further details.

    It is best to open a safe in a way that prevents others from observing the combination. As much as is practical, a safe is to be locked between deposits. The safe's combination is to be changed whenever someone who knows the combination leaves the employ of the unit. At a minimum, the safe's combination should be changed at least annually. The change should be documented to show the date and reason for the change.

    Especially in a main cashiering or sub-cashiering station, safety for both the employees and the cash is improved by having a second person present when the office is opened and again when it is closed for the day.

    4th Activity - Reconciliation
    Reconciliation requires assurance that:

    • Transactions are properly documented and approved
    • Competent and knowledgeable individuals are involved
    Function Description
    1. Transaction recording, documentation and follow-up Assurance that transactions are correct and that appropriate back-up is maintained
    2. Authorization and approvals Review and approval by a supervisor or manager
    3. Separation of duties Reconciliation process not performed by cash handlers

    4th Activity - Reconciliation Levels
    Reconciliation involves the following three levels of personnel:

    Level 1 - Cashier/Sub-Cashier

    • Reconciles daily receipts by cross balancing the funds collected against the cash register totals, the receipts issued, and deposit documents received.

    Level 2 - Manager/Supervisor

    • Reconciles to ensure that receipts were issued in numerical order. Verifies that register totals and beginning and ending readings are in order. Performs surprise cash counts to ensure the accuracy of staff and compliance with cash control procedures.

    Level 3 - Accounting Office

    • Reconciles deposits by Major Cashiering sites to UC bank accounts. The reconciliation also ensures receipt number control, register transaction/dollar amount control; error/voids/refund control and authorization.

    4th Acitivty - Reconciliation Verification

    A reconciliation is performed to verify the processing and recording of transactions.

    Each of the following areas should be explored:

    • Was the transaction valid?
    • Was the transaction properly authorized?
    • Was the transaction recorded timely?

    Cash

    If the answer to any of these questions is NO, perform additional research. This includes following-up on any differences or discrepancies.


    Back to Top
  • Petty Cash/Change Funds

    Change Funds

    • Used by units who sell goods or services and hence need to be able to provide change when customers pay in cash (currency and coin).
    • Important: Sales overages and shortages are reported on the cash deposit form and are NOT to be cleared through the change fund.

    Petty Cash Funds

    • Used by units who have a need to provide funds to employeees or students to acquire low value goods and services from outside vendors on an immediate or short term basis.
    • Important: The total of cash available and outstanding receipts should ALWAYS EQUAL the amount of the fund.
      NOTE:There are some restrictions regarding what can be purchased with Petty Cash Funds.

    4 Critical Policy Activities
    Custodians of Petty Cash and Change Funds are solely responsible for the funds entrusted to them. Therefore, the four critical policy activities for staff with these responsibilities differ from those of cashiers. The information below highlights the critical control activities related to petty cash and change funds.

    Accountability
    Campus policy requires that individuals who will be the custodian of a fund in excess of $750, successfully pass a fingerprint/ background check.
    The custodian can be held personally liable for losses due to the custodian's negligence.

    Separation of Duties
    Occasionally, the supervisor or someone other than the custodian, performs a surprise count of the fund. The supervisor, unit head, or designee reviews and approves all forms related to the operation of the fund. This includes accepting responsibility for verifying the accuracy and appropriateness of supporting documentation and arithmetic totals, etc. This individual also ensures that the custodian manages the fund in accordance with established policies and procedures.

    Reconciliation
    The custodian should regularly (monthly or quarterly - based upon the amount of the fund) ensure that the amount of the fund (cash and receipts) remains intact. Within 30 days of the ending reporting date, the fund custodian completes a reconciliation or verification (as appropriate) of the fund for General Accounting's review.

    Physical Security
    The fund should be locked up except when in use. For funds up to $1,000, be sure that the lock on the desk, file cabinet, etc. is NOT common on the campus. (Avoid S-100 locks). See Business and Finance BUS-49 for secure storage requirements for funds in excess of $1,000. Each fund is to be maintained and stored separately, for example, in it's own envelope, cash bag or cash box.

    For detailed information on Petty Cash and Change Fund processes refer to the Cash Handling guides.


    Back to Top
  • Principles and Practices

    Pre-Condition 1: Cash Handlers are Authorized

    Three Major Control Tasks

    Unit supervisors and managers must ensure that all cash handlers are properly authorized to handle cash.

    • Verify the employee's employment history (applicable to new hires)
    • Request employee fingerprint/background check - (applicable to all employees who handle cash unless the dollar amount involved qualifies for one of the exceptions allowed by campus policy)
    • File proper documentation (applicable to all employees who handle cash)

    Employment Verification

    • Verifying the validity of statements on an applicant's employment application provides a confirmation of that person's honesty and integrity.

    Background Checks

    • A fingerprint/background check is one way in which the University ensures an employee's trustworthiness and it also lays the basis for follow-up in case of cash loss, misappropriation or outright theft.
    • Therefore, University policy states that a background check is a pre-condition for delegating cash handling responsibilities. Campus policy permits an exception for staff, students and volunteers who routinely handle less than $750 per week. Similarly, fund custodians are exempt if the funds they are responsible for are less than $750.
    • For fingerprint/background check services or information contact your Staff Human Resources team (see Campus resources).

    File Proper Documentation

    • While the University presumes the best ability and intentions of those to whom we delegate this special responsibility, we also know that cash losses do occur. This is why University policy states:

    Individual accountability for cash shall be maintained throughout all cashiering operations.

    All transfers of cash accountability shall be documented on appropriate forms.

    • All departments authorize in writing each individual who will be responsible for handling cash in the unit by attaching a list of that unit's cash handlers to the unit's Verification of Change Fund which is submitted to the General Accounting Office on a monthly or quarterly basis (depending on the amount of the change fund.) As job duties are reassigned, student workers and temporary workers come and go, the monthly/quarterly list should change.

    Control Tasks

    • Verify job applicant's employment history prior to hiring when job duties include cash handling.
    • Conduct background/fingerprinting on everyone to whom cash handling duties are delegated. (Note: campus policy allows an exception for fund custodians when the amount of cash in the fund(s) is less than $750 and for staff, students or volunteers who routinely process less than $750 per week.)

    Pre-Condition 2: Maintain Separation of Duties

    One of the most important steps your unit can take to protect cash -- and you the cash handler -- is to separate cash handling duties among different people. This way, no one person has control over the entire cash handling process. This principle is called Separation or Duties or Segregation of Duties.

    Principle - No one person should have complete control over a transaction.

    Practice - In separation of duties at least two people are involved in any cash handling transaction.

    Control Tasks

    Separate cash handling duties, whenever possible, to different people.

    Next we'll discuss a special application of the Separation of Duties principle, called Dual Custody. Practice dual custody when transporting cash, counting large amounts of cash, and other risk critical actions.

    Dual Custody

    Watch police officers on patrol, Loomis guards transporting cash, or a grocery clerk depositing cash to a safe. When working on high risk tasks, they always work in pairs. One person carries the cash and makes the deposit, the other monitors for safety and keeps the other partner in view.

    Involving two people in a critical cash handling task is a special application of Separation of Duties called Dual Custody. At UCSC, whether you are depositing cash to a drop box, counting cash, or engaging in any such critical task, having two people engaged in that activity together is an important practice.

    Welcome

    Practicing dual custody:

    • Encourages cash handlers to check each other
    • Reduces the opportunity for robbery and theft
    • If loss does occur, protects cash handlers from unwarranted suspicion

    Summary of Pre-Conditions for Effective Cash Handling and Controls

    You have just learned the two key pre-conditions for effective cash handling and control. Let's review them here:

    Pre-condition 1: Cash handlers are properly authorized

    • Control task: Verify job applicants' employment history.
    • Control task: Conduct fingerprint/background checks on everyone to whom cash handling duties are delegated. (Note campus exception for fund custodians, students and volunteers who routinely handle less than $750 per week.)
    • Control task: Specifically authorize an employee to handle cash by filing the appropriate form with the Cashier's or Accounting Office. This will allow the campus to keep track of and communicate with the staff members who are actually handling cash.

    Pre-condition 2: Maintain separation of duties and dual custody

    • Control task: Separate cash handling duties, whenever possible, to different people
    • Control task: Practice dual custody when transporting cash, counting large amounts of cash, and other risk critical actions.

    We will now review the 5 steps of cash handling

    Step 1 - Accept Cash and Endorse Checks

    Principle: Document cash and checks properly

    Thousands of dollars exchange hands daily on campus, usually in the form of cash, checks and credit cards. Cash transactions are not things, but events that begin and end. Unless they're documented, there is no way to track the movement of money. This has big consequences.

    Every time you receive cash, you must engage in three control tasks:

    • Accept the payment. If payment is by check, ensure the check is payable to either "UC Regents" or "The Regents of the University of California."
      Note: A postdated check is to be deposited without regard to the date.
    • Record the transaction with a receipt to the customer.
    • When not in use, place all cash in a designated secure location.

    Special Situations

    A few campus units receive a large volume of payments by mail rather than in person. Processing remittances present special risks, since the payer is not standing in front of you waiting for his/her receipt. Separation of duties requires that at least 3 employees be involved in the processing of remittances.

    • One person opens the mail, endorses and logs the check, including payment amount.
    • Another person processes the check (i.e. records the payment).
    • The third person verifies that all checks received are deposited and account coded correctly.

    In this situation, when a receipt is not mailed to the payer, the payment is recorded to the appropriate account. At the end of the day, the logged remittance amount must balance with the amount processed into either a cash register and/or an accounts receivable system. In a campus unit/department that only occasionally receives a remittance, the individual check is recorded directly onto the cash collections deposit form.

    An unidentified check

    Sometimes a unit/department receives a check and it is not immediately clear why the check has been sent. In this situation the unit should photocopy the check, and proceed to process the check for inclusion in the unit's next deposit to a main cashiering station.

    • The amount of the check is debted to account 116010 - Cash Received Undistributed-Cashier.
    • The photocopy is routed within the unit to identify the purpose of the payment.
    • Once the purpose of the payment is identified, a transfer is processed in FIS/Banner to move the payment to the correct FOAPAL.

    Control Task: Endorsing Checks

    Whenever you receive a check, you must endorse it on the back to prevent it from being negotiated inappropriately before depositing it with the main cashier's office or the bank.

    Applying the principle of individual accountability, either the stamp needs to identify the individual cash handler (with a unique number or letter) or the cash handler can initial next to the endorsement.

    Welcome

    Since all monies become the responsibility of the Regents of the University of California you must stamp endorse all checks payable to: "Regents of the University of California" or to "UC Regents"

    Here's the information that is to be included on an endorsement stamp:

    1233 Pay to the order of 1233
    BANK OF AMERICA
    NATIONAL TRUST AND SAVINGS ASSOCIATION
    FOR DEPOSIT ONLY
    THE REGENTS OF THE UNIVERSITY OF
    CALIFORNIA-UC SANTA CRUZ
    Insert department name and cashier identification code here
    12335-18190

    Step 2 - Prepare Deposit

    So far, you have endorsed the check(s), given a receipt to the customer, and kept your cash in a locked and secure location. The next step is to complete the proper deposit slip.

    Staff working in a main cashiering unit, will complete the bank's deposit slip for Bank of America. Staff working in all other campus units will complete a Departmental / Sub Cashier Cash Collections Deposit Form (sold in packets at the Bay Tree Bookstore).

    Control Task - Use the correct deposit form/slip and document accurately:

    • Campus units run adding machine tape(s) of all checks received and a separate tape for all credit card sales. Attach the tapes to the corresponding checks and/or credit card receipts.
    • Accurately provide all appropriate information on the form. To provide individual accountability, the preparer and reviewer sign or initial the deposit form.
    • Include other supporting documentation (e.g. cash register's "Z" tape, copies of hand written receipts, beginning and ending ticket numbers, etc.)

    When completing deposit slips

    • Include adding machine tapes of the checks and credit card receipts with your deposit to the cashier's office.
    • Practice dual custody by completing the deposit form/slip with another person whenever possible.
    • Make sure you balance cash/receipts to your deposit.
    • Report any losses (including over or short amounts.)
    • Keep a copy for your records.

    Step 3 - Deposit Cash

    Control Task - Control Amount of Cash On-hand

    Snowman Bandit

    What would you do if someone walked in and said, "Stick'em up! Give me all your money!"?

    Of course it's hard to hand over money with your hands still in the air, but the robber won't quibble with you . . . she or he will want the cash! The wise thing, of course, is for you to hand it over.

    But, why give more than you have to? Keep just the minimum amount of cash at your station by making regular cash deposits to a main or sub-cashiering station or the night deposit. If using a cash register, remove extra accumulated cash and store it in a secure location until the deposit can be processed.

    Minimize the Risk

    Count cash in a location where no one outside of the office/unit can see you doing it. If others don't know that you have cash, especially a lot of cash, they are less likely to be barging in demanding the money.

    At the end of the workday, secure all funds and leave the register's cash drawer open so that it is obvious that the register contains no cash.

    When to Deposit Cash, Checks and Credit Card receipts

    Sub-cashiering stations and Cash Handling depts/units To prevent too much cash from accumulating at your in-take point, the University specifies when you are to deposit excess cash at the Main Cashier's office located on the first floor of the Hahn building. Sub-cashiers and cash handlers (unit personnel) must deposit at least weekly or sooner if your collections meet or exceed $500.

    Step 4 - Reconcile Deposits

    Control Task - Ensure cash and receipts balance

    1. With each deposit - Cash = Deposit = Credit to bank account

    • Whenever money changes hands or accounts, make sure you record the exact amount. Then, balance accounts daily and monthly to ensure that:
      • cash received =
        • cash recorded =
          • cash deposited
    • The Accounting Office ensures that the above also
      • = amount credited to our bank account.

    2. On a routine basis

    • Regularly, compare the amounts reported on deposit slips to the amounts recorded in the General Ledger (FIS).
    • All cash amounts recorded on receipts and deposit slips must equal each other.
    • Therefore, if $10 was received,
      • the receipt must record $10,
        • the deposit form must show $10,
          • and our bank records and the FIS report must show that we received credit for $10.

    3. Monthly, balance accounts as follows:

    • Balance to General Ledger (FIS) at month's end
    • Report any discrepancies to General Accounting

    Control Task - Investigate all Cash Differences

    There will be times when your cash and receipt amounts will be different and won't balance the first time. This is very common and most often due to clerical errors.

    As a cash handler, you must investigate the differences to determine its source. You must account even for small cash differences, because over time they add up to large losses for the University.

    Find the Source of Cash Differences

    To investigate cash differences, consider the following possible causes:

    • Was the cash in the till counted incorrectly?
    • Was your arithmetic or keying incorrect?
      • Run a second tape to double check the accuracy of your 1st tape.
      • Running two balance tapes daily is a good habit to get into.
    • Was change counted incorrectly back to a customer?
      • This is a loss and the reason needs to be documented and reported.
    • Were numbers transposed on your receipt/deposit slip?
      • If so, double check your figures and slow down next time.
    • Is cash missing?
      • If so, this is a loss and must be reported.

    Step 5 - Report Losses

    Though most cash differences can be traced to clerical errors, be especially alert to mysterious losses or patterns of loss.

    • You must report any losses to your supervisor.
    • If you feel uncomfortable reporting a suspicious loss to your supervisor, report it directly to the Director of Internal Audit. See: Campus resources for contact information.

    Course Summary

    In this course, we intended to raise your awareness of important cash handling principles and practices to support UCSC's core values of Ethics and Integrity. We discussed your fiduciary responsibility, i.e. your responsibility to protect the University's cash assets. We outlined the Five Cash Handling and Control phases:

    • Accept Cash and Checks
    • Prepare Deposits
    • Deposit Cash
    • Reconcile Deposits
    • Report Losses

    For each phase, we provided simple, but key control tasks for you to accomplish. A list of contacts is available under Campus Resources. These tasks are summarized in the chart on the next page which you can use for reference.

    Request for Exception

    In rare situations, a campus unit is physically/budgetarily unable to provide the appropriate controls, e.g. separation of duties as required by policy. Therefore, the campus has created a process that allows a campus unit to request an exception. Requests should be addressed to the campus' Cash Handling Coordinator, mail stop: Accounting Office. Include the following information in a request for an exception:

    • A brief description of your current procedures
    • A statement regarding the policy requirement to which you are requesting an exception
    • An explanation as to why an exception is needed

    Things to Avoid

    Cash handlers are not to exchange checks for currency to make change for each other. Nor are employees of a cashiering station to cash checks for themselves or for co-workers. Also, it is not appropriate to replace any portion of a deposit with a personal check. If you need cash, you can cash a personal check up to $25 at the main Cashier's Office in Hahn. There are also ATM's available near Bay Tree bookstore for Wells Fargo, Bank of America and Bay Federal.

    Do not take a deposit with you except when you are going directly to the Cashier's Office.

    Prerequisite Conditions

    • Principle
      • Employment history verified, background check and written authorization
    • Practice
      • Cash handlers must be specifically authorized to handle cash after verification of employment, completion of a credit check (optional) and a fingerprint/background check
    • Principle
    • Practice
      • Each cash handler must be assigned separate duties that require coordinating with another cash handler

    Step 1 - Accept cash/checks/credit cards

    • Verify check payee is "UC Regents" or "Regents of the University of California"
    • Endorse check with appropriate stamp (UC Regents)
    • Give the customer a receipt
    • When appropriate, show correct posting campus unit/department

    Step 2 - Prepare deposit

    • Prepare a deposit form as soon as total of cash, checks and credit card slips meet or exceed $500
    • Practice dual custody
    • Balance receipts to cash
    • Keep backups of deposit forms
    • Prepare journal entries as appropriate

    Step 3 - Deposit cash

    • Deposit cash at least weekly or sooner
    • Cashier's Office (102 Hahn) - In-person window hours are 9am - 3pm. A 24-hour depository is located outside the North entrance.
    • Note: Deposits made after 3pm will not be posted until the following day.

    Step 4 - Reconcile deposits

    Step 5 - Report losses

    • Report losses to supervisor
    • If needed, report suspicious losses to the campus internal auditor 9-2241 or e-mail dvlane@ucsc.edu

    Back to Top
  • Audit

    Audits of cash handling processes and controls may periodically be performed by either Internal Audit or staff from Accounting or the Cashier's office.

    Congratulations! You have now completed the Basic Cash Control Training. We hope that as a result of this training you don't feel like this runner looks.

    Cash

    Please send your comments - both positive and negative to controller@ucsc.edu to assist us in providing all cash handlers with the information you need to perform your cash handling duties.


    Back to Top
  • Resources

    Description of Service Department Contact
    Evaluation or review of cashiering area security Campus Police 9-4861
    Police escort for transport of funds Campus Police 9-4861
    Assistance with cash process review Cash Control Specialist Emerson Murray - 9-3073 - emersonm@ucsc.edu
    Report significant losses or discrepancies Campus Police
    Internal Audit
    Cash Handling Coordinator
    Risk Management    		 459-4861
    459-3205 - dvlane@ucsc.edu
    459-3611 - krmanss@ucsc.edu
    459-5154 - jyeager@ucsc.edu
    Cashiering questions/issues Cash Control Specialist Emerson Murray - 459-3073 - emersonm@ucsc.edu
    Background checks and scheduling fingerprinting Staff Human Resources Locate your Staff HR Service Team at http://shr.ucsc.edu/contact/locate_team.html

    Back to Top
There are no results.