Dept. of Education > Administrative Services > Finance, Facilities and Business Strategy Branch > EFTPOS

• Overview
• Coverage
• Policy
  • Introduction
  • Establishment of an EFTPoS Terminal
  • EFTPoS Guidelines and Controls
  • Voiding Transactions
  • Refunding Transactions
  • Closure of an EFTPoS Terminal
  • Electronic Credit Card Facilities
  • Manual Credit Card Machines
• References
• Internal Controls / Responsibilities
• Monitoring of Compliance
• Related Topics

This policy outlines the requirements for the operation and security of Electronic Funds Transfer – Point of Sale (EFTPoS) terminals and transactions.

top

This policy applies to all staff involved in the operation of EFTPoS terminals, and those who authorise EFTPoS refund/void transactions.

top

The Department invoices and collects revenue for a range of services it offers and at a number of sites it uses credit/debit card facilities as a revenue collection payment option.  The Department has a combination of electronic EFTPoS machines through Westpac and Commonwealth Bank as well as some sites operating manual credit card machines.

top

If a school or business unit wishes to establish an EFTPoS terminal, they must first decide whether there is a sound business need to warrant setting up a terminal.

If a legitimate business need to have an EFTPoS terminal exists, the setting up of an EFTPoS terminal must be approved by: the Manager, Finance and Procurement Services (for Corporate Office) or a Principal (for Schools).

Once approved the school/business unit is to contact the appropriate bank (Westpac: 1800 029 749 or Commonwealth: 1800 230 177) to arrange the establishment of a terminal.

top

The following controls are to be in place in regard to EFTPoS transactions:

• Cards that are accepted for processing by the Department are: Visa, MasterCard, Bankcard and American Express (AMEX).
• No staff member is to use any customer credit card details for personal gain or any other dishonest purposes. Such actions are in breach of the Code of Conduct in the State Service Act 2000 as well as being illegal.
• The maximum amount of a credit/debit card transaction is determined by the cardholders limit.
• Operators are not to process multiple transactions on a card, on the same day, as a means to bypass the card transaction limit.
• Payments are to be processed for Departmental invoices/payments only.
• The Department has a NO CASH OUT policy, that is, strictly NO CASH OUT is to be given on EFTPoS transactions.
• Where possible, EFTPoS terminal operators should not be the person responsible for authorising refunds/voids.
• School/Business Unit receipting records and the amount processed through the EFTPoS machine (settlement receipts) should be reconciled daily.
• Monthly statements provided by credit/debit card organisations are to the reconciled with school/business unit records, EFTPoS settlement receipts, and bank account records.
• An EFTPoS User Register is to be maintained outlining, the name of the user, their supervisor, their unique user ID (if one exists) and the EFTPoS functions they are authorised to perform.
• User passwords are to be kept confidential.
• Security is to be maintained over the EFTPoS terminal at all times.
• All merchant copies of EFTPoS transactions are to be retained in accordance with the Archives Act 1983.

top

If a processing error occurs (e.g. a transaction processed for an incorrect amount), a void is the procedure to follow in order to reverse/cancel the transaction. The following controls should be followed when processing a void transaction:

• Voids must be processed on the same day as the original transaction.  Note, the funds will be frozen and not accessible by the cardholder for a period of up to 10 working days.
• If a void is to be processed, all documentation of the original transaction is to be obtained and two officers (one being a senior officer) are to conduct the transaction.  The senior officer is to sign off/authorise the transaction.
• A register of all void transactions is to be maintained which includes details of the original transaction. The register is to be signed off by the senior officer authorising the void.
• Principals and Business Unit Managers should where available, review daily, bank transaction reports, and investigate any suspicious voided transactions.
• Finance and Procurement Services review monthly, master bank statements for all EFTPoS terminals, and investigate any unusual/suspicious voided transactions.

top

A refund transaction occurs when an amount which has already been paid is refunded or credited back onto a customers credit/debit card (i.e. for an overpayment).

• As a general rule, refunds are not to be processed through EFTPoS terminals. It is preferred that they are processed through the accounts payable processes of the Department/School. The refund option for most school/business unit EFTPoS terminals should be disabled or set to a zero limit.
• If a school/business unit urgently needs to perform a refund, a senior officer must phone the bank’s merchant services helpdesk (CBA: 1800 230 177, WBC: 1800 029 749). The bank will require the officer to answer identification questions including the merchant ID number, and user password. The bank will then open a ‘window’ for a limited period of time and assist the officer to complete the refund transaction. After the transaction is completed the ‘window’ will close again.
• If it is a business need of a Business Unit/School (i.e. TASSAB, Adult Education) to have the refund option permanently available, then the Business Unit Manager / Principal should discuss this requirement with the Manager, Finance and Procurement Services (FPS). If deemed appropriate the Manager FPS will ask for a formal request from the Business Unit Manager / Principal, and will then authorise the relevant bank to enable the refund function or raise the refund limit on the appropriate EFTPoS terminals.
• If a refund is to be processed, all documentation of the original transaction is to be obtained and two officers (one being a senior officer) are to conduct the transaction.  The senior officer is to sign off/authorise the transaction.
• A register of all refund transactions is to be maintained which includes details of the original transaction, and why a refund was needed. The register is to be signed off by the senior officer authorising the refund.
• Principals and Business Unit Managers should where available, review daily, bank transaction reports, and question any out of the ordinary or suspicious refunded transactions.
• Finance and Procurement Services review monthly, master bank statements for all EFTPoS terminals, and investigate any suspicious refunded transactions.
• Refunds are not to be processed through manual credit card machines. They should be processed through the accounts payable processes of the Department/School.

top

If a school or business unit wishes to close an existing EFTPoS terminal, approval to do so must be obtained from: the Manager, Finance and Procurement Services (for Corporate Office) or a Principal (for School).

Once approved the school/business unit is to contact the appropriate bank (Westpac: 1800 029 749 or Commonwealth: 1800 230 177) to arrange the closure of a terminal.

top

In Person:

• For all transactions, the full card number and expiry date must be obtained.  (Most card numbers are 16 digits.  The only exception being AMEX, which has 15 digits). 
• If a transaction is conducted in person, always ensure that the signature is obtained on the machine/manual printout and is checked against the signature on the card.
• When the transaction receipt is printed out of a terminal, ensure that the numbers on receipt are the same as the numbers on the card.

Telephone Transactions:

When processing a telephone credit card payment from a customer, the following should take place:

• That the name of the cardholder on the authority is the same as the debtor on the invoice.  If the names are different a query should be raised with the debtor as to the reasons for the difference.
• The card number and expiry date must be obtained.  The card number and expiry date should be read back to the customer to ensure that the correct information has been recorded.
• The 3 digit (4 digits for AMEX) security code on the card should be obtained. This code is the last 3 digits found on the reverse side of the credit card (for AMEX cardholders the 4 digit security code can be found in smaller print on the front of the card).
• Customer numbers (and/or invoice number to be paid), and the amount to be paid must be obtained. 
• Ensure that the person making the call is the person named as the card holder.  The only exception would be if the account is in a business or Department name.
• Advise the customer that an official receipt along with a copy of the credit card receipt will be forwarded through the mail to them.
• The transactions details are then to be manually entered into the EFTPoS terminal.

The Mail and Telephone EFTPoS Transaction Guidelines provide further information on manually entering telephone transaction details into an EFTPoS terminal.

Mail Transactions:

When processing a credit card payment from a customer received in the mail, the following should be checked prior to processing the transaction:

• that the name of the cardholder on the authority is the same as the debtor on the invoice.  If the names are different a query should be raised with the debtor as to the reasons for the difference; and
• ensure that the card number is 16 digits (except AMEX which is 15 digits), before processing the transaction through the EFTPoS terminal.

Once the transaction is processed an official receipt along with a copy of the credit card receipt should be sent to the customer.

The Mail and Telephone EFTPoS Transaction Guidelines provide further information on manually entering telephone transaction details into an EFTPoS terminal.

top

The following should take place when using a manual credit card machine for transactions:

• Card details should be checked against “Warning Bulletins” issued by Westpac or Commonwealth Bank before processing payment. (This lists all cards that have been reported as lost or stolen).
• Payments made by credit card, using a manual machine, can only be processed if the cardholder is present with their card.
• Check that the name of the cardholder on the authority is the same as the debtor on the invoice.  If the names are different a query should be raised with the debtor as to the reasons for the difference.
• There are to be NO REFUNDS through the manual process.
• If an incorrect transaction is processed, the paperwork is to be destroyed in front of the customer and a new transaction processed.
• NO CASH is to be refunded in the case of an incorrect transaction.
• All transactions are to be banked, using the merchant envelope, at least on a weekly basis.

top

• Archives Act 1983
• State Service Act 2000
• Treasurer’s Instruction 615

top

top

The use and operation of EFTPoS terminals will be subject to internal audit, external audit and performance audits

• Revenue Policy

top