Steps to Accepting Electronic Payments
- Complete the Pre-Boarding Questionnaire.
- Review the General Electronic Payment Acceptance Fees document regarding contract pricing.
- STO acceptance will contact you within 7 to 10 business days to discuss line of business, description of transaction, capture acceptance methods (payment applications, payment gateways, point of sale terminal, etc.), volume of business, go-live date, and funding source for credit card fees, etc.
- The agency completes the necessary installation forms with the assistance of STO.
- STO will provide the agency with consultation and implementation services, testing assistance and training.
- PCI compliance evaluation will be discussed with the merchant/agency and will be continual while the merchant account remains active.
Timeline for creating a Merchant Account
A merchant account can take a minimum of six weeks to complete from the initial meeting until the account is in production and the first transaction has been accepted. This includes time needed to test various settings and functionalities of the payment system and considering details related to fiscal matters between the using office/agency and the State Treasurer’s Office (STO). STO electronic payment acceptance will work with your office/agency to ensure an expeditious and efficient implementation.
Payment Processing Services
All State merchants are set up through the State’s Master Service Agreement (MSA) with Wells Fargo Merchant Services. All agencies and departments must use the MSA unless they have explicit statutory authority to enter into its own contract for electronic payment acceptance or it seeks and receives approval from the State Board of Finance. Department or agency may request consideration of an exemption through the state Board of Finance by contacting the Treasurer’s Office at 775-684-5675. The department/agency must provide a business case justifying an alternate vendor which does not negatively impact revenue collection or increase costs to the State. If approved by the State Board of Finance, the Treasurer’s Office will work with the department or agency to implement, monitor and maintain security and compliance in accordance with the State’s policy over the alternate vendor.
Outsourcing Credit Card Payments
State agencies and departments are required to participate in the Master Services Agreement (MSA) for electronic payment acceptance provided by the State Treasurer’s Office pursuant to NRS 353.1465. Departments and agencies with statutory authority are exempt from NRS 353.1465. All other agencies must seek an exception from the State Board of Finance through the assistance of the Treasurer’s Office at 775-684-5675.
This requirement applies to all contracts, including outsourced functions if they involve credit card processing. The requirement applies even when the State is not the merchant for the credit card processing.
A payment gateway facilitates the transfer of information between a web payment portal (such as a website, mobile phone or interactive voice response service) and the processor or acquiring bank for electronic payment acceptance. Wells Fargo Payment Gateway (WFPG) provides the payment gateway for the State. Departments and agencies are required to use WFPG for all internet credit and e-check transactions unless it has statutory authority or State Board of Finance approval to do otherwise. A department/agency seeking an exemption from this requirement should contact the Treasurer’s Office, Electronic payment acceptance at 775-684-5675 to discuss the business case, costs, securities, etc. Departments/agencies must provide a business case justifying an alternate vendor or process. The business case will be reviewed and forwarded to the State Board of Finance, if applicable. A department/agency shall not enter into an outsourcing agreement with a third-party vendor, including software applications for credit card processing, until the State Board of Finance has reviewed and approved the request. Upon approval, standard State purchasing polices apply.
Complete Setup Forms
Once the department has completed the initial meeting with STO and has decided on the capture method, the appropriate set up forms and documents must be completed. TrustKeeper is a web application, which will assist in determining the appropriate PCI Self-Assessment (SAQ) questionnaire for the department/agency. The department/agency will need to provide the workflow diagram and description to the Treasurer’s Office. These forms are reviewed and approved by STO. Once approved, the forms are forwarded to Wells Fargo Merchant Services by STO for processing.
Credit Card Transaction Process
Method 1: Payment Gateway
The credit card transaction process begins when the customer purchases a product, registration, license, etc. through a third-party hosted payment application/website. Please note, departments/agencies can also utilize the payment gateway for mail and/or telephone payments. This application website passes the customer to the hosted payment gateway to make the payment; the payment gateway interfaces with the payment processor; the payment processor interfaces with the credit card companies to validate the credit card, address, and pertinent information; the payment processor returns an authorization code to the payment gateway and settles the funds with the State’s bank account(s).
Method 2: Point-of-Sale Terminal
The credit card transaction process begins when a customer purchases a product, license, registration, etc. and his/her card is swiped or entered into a point-of-sale terminal. The terminal is usually connected through an analog telephone line or broadband data transmission to the payment processor for settlement. The payment processor interfaces with the credit card companies to validate the credit card and verify the address if address verification is used. The payment process returns an authorization code to the point of sale terminal and settles the funds to the State’s bank account(s).
PCI Compliance Assessment
During the set up phase, the merchant/agency needs to begin assessing their initial Payment Card Industry (PCI) Data Security Standard (DSS) Compliance. Assessment consists of the following steps:
- Complete initial SAQ – Before the merchant/agency may begin accepting transactions, the merchant/agency must complete their initial SAQ. STO Electronic payment acceptance will provide you with information from the current vendor to assist in determining the appropriate SAQ.
- Review PCI DSS Requirements – After completing the initial PCI DSS SAQ, review PCI DSS to make sure that the merchant/agency meets all applicable requirements. PCI Compliance is not a point-in-time, but a continuous day-to-day process.
- Complete Compliance Documents – Merchants/agencies are required to have documented procedures for their business process related to credit card processing.