COLLECTING FEES AND HANDLING CASH
Effective: August 15, 2024
Purpose: To ensure compliance with state laws regarding the collection, deposit, and handling of tuition, fees, and other charges, as well as to provide guidelines for sales tax collection, payment card industry data security standards, and associated responsibilities and procedures within Emporia State University.
Scope: This policy applies to employees and representatives working for the University that have responsibility for handling critical payment information.
Responsible Office: Business & Finance Office; Controller’s Office
Policy Statement: All tuition, fees, and other charges (e.g., workshop fees, fees collected for performances, charges for materials/items sold) collected by any Emporia State University unit shall be deposited as state funds with the University Cashier’s Office. Receipts in small amounts may be accumulated up to $50 but must be deposited weekly. When sales tax is collected on over-the-counter sales, the amount of the sales tax is to be entered as a separate item on the deposit slip.
Retail sales of goods and services are subject to both state and local sales tax. Only sales to wholesalers or educational institutions are exempt from sales tax. Exempt individuals or organizations must furnish a tax exemption certificate at the time of the sale, if one has not been supplied previously, or pay the sales tax. The University unit must maintain a file of the tax exemption certificates to substantiate sales when sales tax was not collected.
The Controller's Office will provide guidance on the taxability of specific sale items upon request.
Tuition and workshop registration fees are sales tax exempt. Registration fees for a conference are sales tax exempt. However, any items sold at a conference must have sales tax added. Registration fees related to providing services, such as a credential service, are sales tax exempt. Transcript fees are sales tax exempt.
Change funds are established by the University exclusively for the making of change when receiving amounts due. These funds shall not be used for check-cashing, loan purposes, or to make payments of any kind. Monies may not be withheld from deposits to be used as a change or petty cash fund. Money for a change fund must be applied for through the Controller’s Office.
All payment card processing activities and associate technologies must comply with the Payment Card Industry Data Security Standard (PCI-DSS) in its entirety. Card processing activities must be conducted in accordance with the University’s PCI-DSS Standards and Procedures. No activity may be conducted, nor any technology employed that might obstruct compliance with any portion of the PCI-DSS.
Critical payment information is defined as the 16-digit payment card number, the payment card expiration date, the payment card three-digit security code, or the account number of a checking or savings account. Critical payment information must be protected and the handling of this information must follow industry standards. Measures shall be taken to protect payment card information from unauthorized storage, access, and processing. This policy establishes a commitment to following published standards with regards to payment card and banking information.
The Controller’s Office has responsibility to:
- Keep a current copy of the PCI-DSS for reference;
- Develop, implement, and maintain the University PCI-DSS
- Standards and Procedures to be used and referenced by University employees; and
- Educate the campus community regarding PCI-DSS and its impact.
Information Technology (IT) has responsibility to:
- Implement necessary technology-related controls as necessary.
- The Information Security Officer is responsible for assisting the Controller’s Office with the education of the campus community regarding the University’s PCI-DSS Policy.
- University employees reviewing contracts related to handling University payment card data are responsible for ensuring language for vendors, contractors, and business partners to include language which requires a Report on Compliance (ROC).
- University employees handling payment card data must review and follow the University’s PCI- DSS Standards and Procedures.
Definitions: All words and phrases shall be interpreted utilizing their plain meanings unless otherwise defined in University or Board of Regents policy or by statute or regulation.
Procedures: All procedures linked and related to the policies above shall have the full force and effect of policy if said procedures have first been properly approved by the University’s administrator in charge of Business and Finance.
[Business and Finance procedures - coming soon]
Related Policy Information: House Bill No. 2005