Transact. publication for clients & partners. powering your e-payment program Volume 1 Number 4



Similar documents
WHITE PAPER. PCI Basics: What it Takes to Be Compliant

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No MERCHANT DEBIT AND CREDIT CARD RECEIPTS

A Compliance Overview for the Payment Card Industry (PCI)

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures

Questions and Answers PCI Compliance (Updated May 23, 2014)

POLICY & PROCEDURE DOCUMENT NUMBER: DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants

E Pay. A Case Study in PCI Compliance. Illinois State Treasurer. Dan Rutherford

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

Clark University's PCI Compliance Policy

PCI Compliance Overview

Payment Card Industry Data Security Standard

University of Oregon Policy Statement Development Form

COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

What a Processor Needs from a University to Validate Compliance

PCI DSS Compliance Information Pack for Merchants

PCI Standards: A Banking Perspective

University Policy Accepting Credit Cards to Conduct University Business

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program

PCI Compliance. Top 10 Questions & Answers

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

1/18/10. Walt Conway. PCI DSS in Context. Some History The Digital Dozen Key Players Cardholder Data Outsourcing Conclusions. PCI in Higher Education

IT Security Compliance PCI DSS FOR MERCHANTS THE PAYMENT CARD INDUSTRY DATE SECURITY STANDARD WHITE PAPER

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

Payment Processing considerations to comply with IRS and PCI-DSS regulations and policies

PAI Secure Program Guide

A PCI Journey with Wichita State University

Sales Rep Frequently Asked Questions

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Version 7.4 & higher is Critical for all Customers Processing Credit Cards!

The PCI DSS Compliance Guide For Small Business

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)

Saint Louis University Merchant Card Processing Policy & Procedures

PCI Security Compliance

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism

Complying with Payment Card Industry Data Security Standards (PCI DSS) Requirements. Approaches in Higher Education

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

Credit Card Processing 101

PCI Compliance Top 10 Questions and Answers

PCI Compliance: How to ensure customer cardholder data is handled with care

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina

New York University University Policies

And Take a Step on the IG Career Path

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

June 19, Bobbi McCracken, Associate Vice Chancellor Financial Services. Subject: Internal Audit of PCI Compliance.

RFP#15-20 EXHIBIT E MERCHANT SERVICES INFORMATION SHEET

SecurityMetrics Introduction to PCI Compliance

FAQ S: TRUSTWAVE TRUSTKEEPER PCI MANAGER

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

Registration and PCI DSS compliance validation

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

Credit Card Handling Security Standards

The Comprehensive, Yet Concise Guide to Credit Card Processing

Merchant guide to PCI DSS

How to read your statement basics IRS Reporting Early Termination Fees Contract Renewals Equipment Leases & Free Equipment PCI Compliance General

SecurityMetrics. PCI Starter Kit

Leveraging the State s Credit & Debit Card Payment Processing QPA

PCI DSS. Payment Card Industry Data Security Standard.

Merchant Card Processing Request Form

See page 16. Thomas A. Vallas

Kim Decarolis Compliance and Security Specialist (248) Mark Wayne Vice President Compliance and Security Specialist

La règlementation VisaCard, MasterCard PCI-DSS

University of Virginia Credit Card Requirements

Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance

PCI Data Security Standards

CREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011

This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected

How To Protect Your Business From A Hacker Attack

Third Party Agent Registration and PCI DSS Compliance Validation Guide

Merchant Services Tool Kit TEXPO 2013

Validation of PCI Compliance Requirements NC Office of the State Controller June 23, 2015

Transcription:

news publication for clients & partners a Transact powering your e-payment program Volume 1 Number 4 02 Colorado Division of Child Support Services Sees Steady Growth for their VPS Epayment Program 04 PowerPack 3.0 Ships to Clients The latest promo pack for all the ways you want to pay 05 Security Corner PCI-DSS - What is it, Why is it, and Why Should You Care? As a PCI Compliant Service Provider, VPS Has You Covered 07 Partner Profile Data Design, Inc. Newest Government Epayment Partner Covers Kentucky

Colorado Division of Child Support Services Sees Steady Growth for their VPS E-payment Program A VPS client since April of this year, the Colorado Division of Child Support Services (www.childsupport.state.co.us) began their search for an epayment partner in the summer of 2014. At the time, the VPS ChildSupportBillpay program had three clients. (Today there are 10 around the country.) At the time, says Colorado Child Support FSR Manager, Lexie C. Barath, many of the state Child Support agencies were in the same early stages of assessment for credit/debit card acceptance. Nonetheless, Colorado was able to call on people they knew at the State of Washington CS agency (a VPS early-adopter) and at the State of Indiana to discuss their programs. Indiana would become a model for the kind of performance Colorado wanted to see out of its e-payment program, says Barath. Since April, the number of payments has increased by 75% through September, and total dollars collected on behalf of Colorado has grown by 55%. We had set an ambitious goal for ourselves, based on program performance in Indiana, says Barath. At first glance, we thought we were falling short of expectations. But on second look, we realized that Indiana has twice the child support clients we have. Plus they had an epayment program in-place, and then switched to VPS, whereas we were just starting our program. Promoting End-of-March/early April, Colorado went live with its credit/debit card acceptance program with onsite promotions in 54 collections counties. (There are 64 counties in Colorado, but the smallest counties by population are served by neighboring counties.) The most effective promotional item so far has proven to be the business card handout, says Barath. A couple of counties have requested second printings of these cards. The cards are supported by posters, counter cards, and counter mats in the various county Child Support Enforcement (CSE) Units. In the first week of October, VPS and Colorado rolled out an innovative promotional program: Breast Cancer Awareness October. 2 VPS Newsletter Volume 1 Number 4 888.877.0450 x333 transact@valuepaymentsystems.com

Employer Payment Portal Federal and state regulations require that when an Order/Notice to Withhold Income For Child Support is received, an employer must start withholding child support and send child support to, most usually, a spouse or former spouse in accordance with a strictly defined timeline. During the Breast Cancer Awareness October promotion, VPS donated $.50 per transaction made during the month to the Breast Cancer Research Foundation (www.bcrfcure.org). VPS developed an employer portal on the Colorado website that simplifies the transfer of support payments deducted directly from an employee s paycheck and sent to the beneficiary. The employer can manage all obligor employees from a single screen, adding or deleting names, and making all payments in a single transaction. Debit/Credit Convenience fees are identical for debit and credit card payment of child support, both onsite in collections offices and online, a fee structure adopted so as not to favor one means of payment over the other, says Barath. We re running about 50-50, debit to credit, which is within keeping of what we know from other VPS clients like Indiana. And whether payments come via the AutoPay option or sequentially repeated is not something Colorado tracks, though Barath figures that 20 30% of payments are recurring. Employer payment portal developed for childsupport.state.co.us. Using this newly developed program feature, employers can manage all obligor employees from a single screen, with the ability to add, edit and delete names and accounts. The employer selects which employees to make payments on behalf of. Once choices are set, all accounts are paid in a single action. For Barath, the most important figure is usage. A (weighted) comparison with the model, larger Indiana program with its sizable head start puts Colorado just about where it wants to be, with usage trending upward. VPS Newsletter Volume 1 Number 4 888.877.0450 x333 transact@valuepaymentsystems.com 3

PowerPack 3.0 PowerPack 3.0 Ships to Clients The latest package of on-site/online, digital and print promotional tools in a variety for formats PowerPack 3.0 is aimed at increasing awareness of your VPS epayment program, and boosting usage. From posters and counter cards to flyers and email blast template files, PowerPack 3.0 gives clients a full complement of promo items all packed (digitally speaking) on flash drive. The 3.0 mailer also contains samples of popular print promo items. Everything in 3.0 is themed around a tag line for all the ways you want to pay and keyed to mobility, customers increasing preference for on-the-go payment options. The message is: convenience in tax, bill, and fee payments. Convenience and ease-of-use. And speed. Call it, The War Against Stamps and Envelopes. Or not. In any case, increasing customer usage of the epayment option anywhere, anytime, from any device is what it s all about. Enjoy. PowerPack 3.0, no-cost to government promotional vehicles and campaigns coming to clients soon... in the mail! 4 VPS Newsletter Volume 1 Number 4 888.877.0450 x333 transact@valuepaymentsystems.com

Security Corner PCI-DSS: What is it, Why is it, and Why Should You Care? By Joe Thomas, Director of Network Security, VPS Payment Card Industry Data Security Standards (PCI-DSS, for not-so-short) is a set of requirements technological safeguards to prevent credit card data theft that merchants accepting credit cards must implement. Who Says? The Payment Card Industry Security Standards Council (PCI SSC), an independent body formed by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB) on December 15, 2004. These companies aligned their individual policies and nearly two years later released version 1.0 of PCI DSS. (The current version is 3.0. The new, revised version 3.1 includes some minor updates that do not have much of an impact on an organization s compliance.) Why Should You Care? All merchants who accept credit cards are responsible for complying with PCI-DSS. Merchants who contract with banks and credit card processors to use their services must certify that their businesses are PCI-DSS complaint. Merchants pay fines for PCI-DSS non-compliance. And they are contractually required to reimburse banks and credit card processors for any losses if their customers credit card data is stolen. VPS Has You Covered As a PCI Compliant Service Provider, VPS takes on the PCI compliance work for their clients. For those who accept in-office payments or want to pass credit card data to VPS for processing, the VPS team will advise and help with security best practices and PCI compliance. VPS Newsletter Volume 1 Number 4 888.877.0450 x333 transact@valuepaymentsystems.com 5

How Do Merchants Become Compliant Merchants must first determine their required level of compliance, which is based on the amount or volume of transactions they process each year. To do this, they must select the Self-Assessment Questionnaire (or SAQ) that best fits how they accept payments point-of-sale, telephone, Internet and complete the form. The SAQ is a self-evaluation tool that determines the physical, technical, and administrative security controls the merchant must have in place to be considered compliant. Lastly, the merchant must partner with an Approved Scanning Vendor and scan their systems for vulnerabilities at least four times per year. The Easiest Way for Merchants to Become Compliant Minimizing the amount of credit card data that they transmit and store is the easiest way for merchants to be PCI complaint. Partners like VPS can help reduce the scope of PCI assessments by hosting the payment Web site and storing the payment data for merchants. This allows merchants to use shorter, simpler SAQs when assessing their organizations for compliance. 6 VPS Newsletter Volume 1 Number 4 888.877.0450 x333 transact@valuepaymentsystems.com

Partner Profile Data Design, Inc. Newest Government Epayment Partner Covers Kentucky Data Design Inc. (Richmond, KY), Value Payment Systems newest epayments partner in the government space, has offered comprehensive software services to public agencies in Kentucky (plus system hardware, networking, and database development) since 1978. Property tax collections in Kentucky is handled by the various county Sherriff s offices, both on-site and (now) online. We have a presence in 90 of the 120 Sheriff s offices in the state, says Data Design s president, Richard Bendure. Just about half of those have installed our collections software, TaxMaster and TaxMaster.net. Every spring, we send out our Budget Planning Guide to each office. It s a check list of what services they might be interested in, says Bendure. We re in touch with our clients pretty much on a daily basis, so it s easy for us to track their responses. If we don t hear back, we give them a call. Before contracting with VPS in August of this year, Data Design worked with another epayment vendor. That program offering established a precedent for debit and credit card acceptance for tax payments. There was a fairly strong interest level from the individual offices for epayments services, and as expressed by the Sheriff s Association as well. Switching to VPS whom Data Design felt could provide a more stable service and improved support proved an easy transition. We have 8 to 10 clients ready to add epayments to their TaxMaster software on Nov. 1, says Bendure. Clancy, The Data Design Team Mascot. Clancy has been with the company since he was a puppy, starting as an unpaid intern, and rapidly moved up in the organization to occupy his present position. Data Design s Payment Portal The VPS program is completely integrated with TaxMaster. On-site, the taxpayer swipes a card and payment appears in TaxMaster. Credit and debit card payments are processed, and all data is web-ready for viewing on the county web sites. VPS Newsletter Volume 1 Number 4 888.877.0450 x333 transact@valuepaymentsystems.com 7