Florida International University - Office of the Controller Main Web Page
Florida International University Main Web PageOffice of the Controller Main Web Page
Office of Finance & Administration Home PageOffice of the Controller Home PageAbout UsController's Office Organizational ChartDepartmentsNewsFormsIndex
  Home
  About Us
  Organizational Chart
  Departments
News
 
 
  Forms
  Index
  Contact Us

Controller's Office > News > Panther Post Newsletter

Newsletter 2015-2016 Volume 9

In this Edition...

  • Monthly Closing Calendars
  • myFIUmarket Enablements Update
  • Minimizing Credit Card Risk: Identifying Scams
  • Deadline to Process Departmental Card Transfer of Charges
  • Requirements for Petty Cash and Participant Payment Fund Custodians
  • Card Cancellation Process
  • Reminders and Deadlines
  • Monthly Closing Calendars

    The February 2016 period in the general ledger has closed. When running your reports, please keep in mind that the reporting environment has a 24 hour delay in displaying data. The current and future month-end processing deadline schedules can be found at: Monthly Closing Deadlines.


    myFIUmarket Enablements Update

    We have enabled the B&H catalog in myFIUmarket for A/V Equipment purchases. Please note the quote-to-order functionality is not available and Apple products are not a part of this integration. Any non-catalog items will need to be processed as a Special Request requisitions or paid with the Department Card if the purchase is allowed per the departmental card policies.

    We are currently working with Office Depot to enable their catalog next month. These purchases will no longer be placed on credit card and will need to go through myFIUmarket. You must therefore be a requester in PantherSoft in order to access the catalog. To request access you can send an email to controller@fiu.edu. We're excited to make this catalog available to you with newly negotiated contract pricing and as a plus you will no longer need to reconcile pcard transactions tied to office supplies orders. Training will be available before go-live to address the new ordering process as we transition from the Office Max website to the Office Depot electronic catalog in e-Pro.


    Minimizing Credit Card Risk: Identifying Scams

    Your Credit Card Solution Team has partnered with JP Morgan Chase to bring you a three part series on minimizing credit card risks. Over the next three issues of the Panther Post, we will share with you helpful tips and insights for improving your overall internet and card security awareness. When it comes to minimizing credit card risk, knowledge is power!

    The best way to avoid falling victim to malware attacks is to practice good computer hygiene and to improve your ability to identify potential scams. This month we will explore many of the most common scams in the industry- you might recognize some.

    It is important to remember that J.P. Morgan Chase and your FIU Credit Card Solution Team will NEVER ask you for your password or card number.

    Phishing

    "Phishing" (pronounced "fishing") is when criminals use email to try to lure you to fake websites, where you are asked to disclose confidential, financial, or personal information like passwords, account numbers, or transaction information.

    The most common type of phishing is an email threatening some dire consequence if you do not immediately log in and take action. You should never respond or reply to email that:

  • Requires you to enter organizational or personal information directly into the email or submit that information some other way

  • Threatens to close or suspend your account if you do not take immediate action by providing specific information about you or your company

  • Solicits your participation in a survey where you are asked to enter personal information

  • States that your account has been compromised or that there has been third-party activity on your account and requests you to enter or confirm your account information

  • States that there are unauthorized transactions on your account(s) and requests your account information

  • Asks you to enter your user ID, password, or account numbers into an email or non-secure website

  • Asks you to confirm, verify, or refresh your account information

  • Directs you to a screen that asks you to provide additional data beyond your normal login information

  • Asks you to validate account information for banking systems you do not use
  • Vishing

    Phishing scams can have a phone connection. First, it was "phishing," where criminals send email by the thousands in hopes of tricking unsuspecting users into sharing confidential information.

    Now, there is "vishing." In this latest twist, fraudsters use a telephone number in the phishing email instead. If you call, a person or an automated response system will ask for your personal or account information.

    When you call J.P. Morgan, only call the phone numbers we have provided directly to you during your program implementation.

    Hijacking

    Hijacking is a type of network security attack in which the attacker takes control of a communication, just as an airplane hijacker takes control of a flight, between two entities and masquerades as one of them. Hijack attacks may be used simply to gain access to information or the attacker may pose as that user and do anything the user is authorized to do on the network (i.e., move money).

    If you are not able to successfully access PaymentNet during normal business hours and you receive one of the responses below, you should immediately contact your program administrator and then call your J.P. Morgan Customer Service representative or Client Application Support:

  • A message that the system is down for maintenance (especially during normal business hours) that is not consistent with the pre-advised extended outage Alerts

  • You receive a blank screen, instead of the PaymentNet home screen

  • The PaymentNet home screen does not look normal (options are missing)

  • The PaymentNet Log In screen appears repeatedly and requests that you log in again
  • Malware and Botnets

    Recent developments in the area of cyber security point to a sharp increase in the number and complexity of online security attacks. These attacks are of particular concern because they can target users of financial applications at large banking institutions such as J.P. Morgan.

    One of the most common of these attacks injects malicious software, known as "malware" onto a user's machine. The malware is then able to "enslave" the machine as part of a network of "robot" computers. A network of robot computers is referred to as a "botnet."

    The use of malware distributed via botnet allows fraudsters to override existing security methods as well as harvest highly sensitive data and security credentials and possibly perform fraudulent transactions. Malware or a Botnet can:

  • Record all keystrokes entered via the users keyboard, including all passwords, user IDs, account numbers, Social Security Numbers, and so forth. This is called key stroke logging and is a common feature of malware exploits.

  • Forward this confidential information back to a central fraud database for use immediately, a later time, or to be sold to another fraudster for a profit.

  • Allow a fraudster to take direct control of a user's machine and all of the applications without presenting security credentials to gain access.

  • Enslave the user's machine within the botnet, allowing the fraudster to launch subsequent security attacks from the machine, which helps the fraudster avoid detection by law enforcement.
  • Help is Available

    If you are worried that you might have inadvertently compromised your PaymentNet user ID or password:

  • It is important that you speak with your Credit Card Solution Team to deactivate or reset your User ID or Password immediately.

  • Also, contact your J.P. Morgan Client Service representative or Client Application Support immediately at 1-800-270-7760, they are available to assist you 24/7.

  • You can help J.P. Morgan and FIU to investigate suspected fraud by forwarding suspicious email messages you receive to: abuse@jpmorgan.com and abuse@fiu.edu.

  • Deadline to Process Departmental Card Transfer of Charges

    To adjust the accounting applied to a Departmental Card after the billing cycle is closed, an approver will request a Journal Voucher Adjustment in the General Ledger from the Credit Card Solutions Accountant. The Approver must submit this request by completing a Transfer of Departmental Card Charges Form.

    The cost transfer must be accomplished within 90 days of the original transaction. Transfers not completed within 90 days suggest that ledgers are not being reviewed timely. Additionally, transfers will only be processed within the same Fiscal Year that the expense was charged to the general ledger.

    Good Practices:

  • Plan expenditures as much as possible

  • Double check entries to eliminate errors

  • Review / monitor monthly ledgers

  • Initiate required cost transfers in a timely manner
  • Bad Practices / RED Flags:

  • Transfers with inadequate explanations
    1. "to correct an error" or
    2. "to transfer to correct project"

  • Inadequate documentation

  • Transfers older than 90 days

  • Large Number of Cost Transfers
  • Any cost transfers that are not project or grant related, which are submitted to the Controller's Office more than 90 days after the original transaction, will not be processed. These include Pcard transactions, AP vouchers, or travel related expenses. If the transfer is within the 90 day window, please make sure to include all appropriate documentation, in addition to the Trandata that shows the original charge.

    Project Related Non-Payroll Transfers must follow the guidelines as established by Division of Research Policy: Cost and Payroll Transfers on Sponsored Projects found in the Compliance Website at http://policies.fiu.edu/files/266.pdf.


    Requirements for Petty Cash and Participant Payment Fund Custodians

    Custodians requesting an increase to or a new Petty Cash or Participant Payment Fund are required to complete background and fingerprinting checks per FIU Policy 1710.257. To expedite the processing of a fund request, it is recommended that a custodian contact Recruitment Services at (305) 348-2500 to verify if the requirements have been met and/or to schedule a background/fingerprinting check appointment.


    Card Cancellation Process

    When a card needs to be cancelled due to a cardholder transferring to another department or termination of employment, the approver or Department MUST notify the CCS team in an email immediately, prior to any Card Cancellation Form being sent. Departments that fail to follow the correct and timely card cancellation protocols risk losing the card privileges for their entire unit.

    Travel Reminder

    Let's expedite approving Travel Authorizations, Cash Advances and Expense reports. Documents that have not been completely finalized and are older than 90 days will be cancelled or deleted by the Travel Department. For a list of pending documents, please click here. For information regarding report status abbreviations and how to close or cancel Travel Authorizations and/or Expense Reports, please click here.


    Monthly Departmental Card Deadline

    As a reminder, Departmental Card billing transactions regularly load the first business day of the month; program participants will have 10 days to process this activity in its entirety. This month's billing statement (dated 02/29/2016) loaded into PantherSoft on March 1st and must be completely processed no later than noon, March 16, 2016.

    Any charges not processed by the closing deadline will be automatically charged to the cardholder's default accounting on file and will not eligible for expense transfer.

    Additionally, cardholders with three unjustified non-approvals in the same fiscal year will have their card limits temporarily suspended until they complete a retraining session.


    Unidentified Wire Transfers and ACH Payments

    The Controller's Office occasionally receives payments that cannot be applied to the appropriate department due to inadequate information. Click here for the list of unidentified wire transfers and ACH payments as of February 29, 2016.

    To claim a payment, please contact Cash Management (Angelmar Ortega, aortega@fiu.edu, (305) 348-2542 or Leslie-Anne Triana latriana@fiu.edu, (305) 348-1250) and provide the following information:

  • payment details

  • activity details

  • account to which the payment should be recorded
  • Payments that are not identified within 45 days of the wire/ACH date will be returned to the sender.

    How to sign up for the Panther Post Newsletter

    If you wish to be added to the ListServ for the Panther Post, please email controller@fiu.edu.

     
    Office of the Controller