Frequently Asked Questions

Deposits and Depositories

• How do I process a foreign check deposit?

  Checks received from the UK and Canada can be treated the same as regular deposits; just be sure to write the RV number on the back of the check. Write the dollar amount on your deposit slip treating it as if it were in US dollars. Create your RV for the same amount. The bank will adjust the rate accordingly and accounting will create a journal to credit or debit the department for the difference.
  Checks from countries other than the UK or Canada can be taken to a Bank of America branch for deposit. Take a copy of a deposit slip with you. The bank will submit for collections. This process takes 4 – 8 weeks to receive credit. Record your RV # on the back of the check and send a copy of the check to Angie Werremeyer at CB 1147. Accounting will create a journal to debit or credit the difference once credit is received.
  If you cannot deposit the check on your own, you may forward to Angie Werremeyer to process. Please provide an RV number when doing so. The same procedures and time frame above will apply.

• How do I order deposit supplies?

  Orders for deposit slips, bank bags and endorsement stamps may be e-mailed to angela.werremeyer@wustl.edu or by calling 935-5797.

• How do I order credit card supplies?

  The phone number for credit card supplies can be found on the side of your credit card terminal. You will be required to give your 12 digit merchant ID number. Supplies are billed directly on monthly statements and sent to the bank liaison to be journaled back to the department.

• Who do I contact for IDX related issues?

  Renee Harris in the PBS department can be reached at 935-0940 or by emailing harrisr@wustl.edu.

• Who do I contact for credit card machine trouble shooting?

  Please call 1-800-876-0026 for problems with transactions or settings to your credit card machine. If a replacement or new terminal is required, please contact the bank liaison at 935-5797 or by emailing angela.werremeyer@wustl.edu.

• What needs to be forwarded to the Bank Liaison in order to get my receipt voucher approved?

  A copy of the credit card settlement report showing the department name and batch number with RV numbers written on the report. Yellow copies of deposit slips are required for bank deposits with the RV number written on the slip.
  PayPal settlement reports should be printed in landscape so the batch numbers are shown; RV numbers should be written on the top of the form.
  Your Pay settlement reports are sent via email screen shots to angela.werremeyer@wustl.edu.
  The department name should be in the subject line and RV numbers should be provided in the body of the message.
  Copies of all of the above may be mailed to CB 1147, faxed to 935-9798, or scanned and emailed to angela.werremeyer@wustl.edu.

  
  

University Card Programs

• What information is required to activate my procurement card?

  The last 4 digits of your employee id number and date of birth are required to activate your procurement card.

• What is the "Bill to" or "Verification" address?

  When purchasing items via the internet, many sites will ask for a billing address in order to authenticate the identity of the person using the card. Your procurement card billing address was established using the campus box and address that you indicated on your Security Access Form.

• Is Washington University sales tax exempt?

  Missouri sales tax should not be paid on purchases made on behalf of the University. The University’s tax identification number is printed on the face of the card and must be brought to the attention of the merchant at the time of the purchase.

• What if Missouri sales tax was charged on my procurement card?

  Contact the merchant as soon as possible to refund sales tax.

• How do I dispute a procurement card charge?

  Your department must attempt to resolve transaction disputes directly with the merchant. If your department is unable to resolve the situation, an electronic dispute form should be completed. You must also ensure that an appropriate credit for the reported disputed item(s) or billing error appears as a subsequent transaction.

• What should I do if my procurement card is declined?

  Contact the University Card Administrator.

• What if I need my procurement card limits increased?

  Requests for changes in spending limits must be sent in writing (preferably e-mail) by your supervisor or approver. Requests should be sent to the University Card Administrator, Box 1147 or Mary.Koenig@wustl.edu.

• What should I do if my University card is lost or stolen?

  If your procurement card is lost or stolen, you must immediately contact JPMorgan Chase at 1-800-270-7760 and the University Card Administrator at 314-935-8640.

• What are the procurement card cycle and sweep dates?

  Monthly procurement card cycles end on the 20th (depending on weekends / holidays) and will be swept to AIS on the 4th business day at 4:00 pm.

• Who do I contact if I can not log into PaymentNet?

  Contact the University Card Administrator at 935-8640 or Mary.Koenig@wustl.edu.

• What if I need a department or fund added to my list in PaymentNet?

  Contact the University Card Administrator at 935-8640 or Mary.Koenig@wustl.edu.

• What should I do if I receive a call from the bank questioning fraudulent activity?

  If you do not feel comfortable about the call, hang up and call the number on the back of your card. The last 4 digits of your employee id number and date of birth are required for verification purposes on your procurement card.

• What is a travel and entertainment Visa card?

  Employees who are expected to travel or incur entertainment expense on behalf of the University may apply for this T&E Card. The card will allow employees to pay for business related travel and entertainment expenses without tying up personal credit cards.

• How do I cancel my travel & entertainment and/or procurement card?

  Contact the University Card Administrator at 935-8640 or Mary.Koenig@wustl.edu.

Campus Commerce

Becoming a campus merchant

• My department wants the ability to accept credit cards as payment from students, donors, customers, etc. What do I need to do to become a campus merchant?

  - Coming Soon — Credit Card Acceptance & Electronic Commerce Policy

  - Your department’s business manager (or equivalent) will be responsible for ensuring compliance with the policy and compliance with PCI DSS requirements

  - The business manager (or equivalent) must sign the acknowledgement at the end of the Credit Card Acceptance and Electronic Commerce Policy indicating their understanding of the requirements

  - Complete the application for merchant ID (PDF) and return to Cash and Credit Operations

  - If you are getting a credit card terminal, you will place that order through Cash and Credit Operations

  - If you want electronic commerce capability, you will work through Cash and Credit Operations to setup your site utilizing the University’s designated electronic commerce vendor

Payment Card Industry Data Security Standard (PCI DSS)

• What is the Payment Card Industry (PCI) Data Security Standard (DSS)?

  The PCI Data Security Standard represents tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa's Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard's Site Data Protection (SDP) program, the standard provides a framework for developing a data security process - including preventing, detecting and reacting to security incidents.

• What are the requirements that have to be satisfied to be in compliance with the PCI Data Security Standard?

  The PCI Data Security Standard is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. The PCI Data Security Standard is comprised of 12 general requirements designed to: Build and maintain a secure network; Protect cardholder data; Ensure the maintenance of vulnerability management programs; Implement strong access control measures; regularly monitor and test networks; and ensure the maintenance of information security policies.

• Does PCI DSS apply to paper with cardholder data (receipts, reports, etc.)?

  PCI DSS requirements are applicable if cardholder data is stored, processed, or transmitted by any media, including paper records. PCI DSS requirements 9.6 through 9.10 specifically address the safeguarding of paper records containing cardholder data.

• Does PCI DSS apply to merchants who use payment gateways to process transactions on their behalf, and thus never store, process or transmit cardholder data?

  PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply. However, under PCI DSS requirement 12.8, if the merchant shares cardholder data with a third party processor or service provider, the merchant must ensure that there is a contractual obligation for that third party processor/service provider to adhere to the PCI DSS and that the third party processor/service provider is responsible for the security of the cardholder data it possesses.

• How extensive must background checks be on employees who have access to cardholder data?

  PCI DSS requirement 12.7 states, "Screen potential employees to minimize the risk of attacks from internal sources." It further states, "For those employees such as store cashiers who only have access to one card number at a time when facilitating a transaction, this requirement is a recommendation only." In general, it is expected that a company would have a policy and process for background checks, including their own decision process for which background check results would have an impact on their hiring decisions (and what that impact would be). The check should be exhaustive enough (within the constraints of local law) to reduce the risk of fraud from internal resources. Examples of criteria, if permissible by law that could be checked include employment history, criminal records, credit history, and reference checks.

• What is the PCI DSS Self-Assessment Questionnaire?

  The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool intended to assist merchants and service providers who are permitted by the payment brands to self-evaluate their compliance with the Payment Card Industry Data Security Standard (PCI DSS).

• What are the differences between the four Self-Assessment Questionnaires?

  These questionnaires are required to be completed on an annual basis for every merchant ID. There are four different questionnaires ranging from 11 questions (SAQ A) to 236 questions (SAQ D) depending on how your department is storing, processing, or transmitting cardholder data. The following grid illustrates how you determine the correct SAQ for your merchant ID:

  SAQ Validation Type	Description	SAQ: V1.2
  1	Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. (11 questions)	A
  2	Imprint-only merchants with no electronic cardholder data storage (21 questions)	B
  3	Stand-alone terminal merchants, no electronic cardholder data storage (21 questions)	B
  4	Merchants with POS systems connected to the Internet, no electronic cardholder data storage (38 questions)	C
  5	All other merchants (not included in Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ. (226 questions)	D