Statewide Policy Directory

When developing agency cash management plans, each state agency shall consider utilizing electronic payments methods for both outbound and inbound payments.

The Office of the State Controller (OSC), in concurrence with the State Treasurer, shall select a service provider to provide merchant card services to eligible participants, and shall select a service provider to provide electronic funds transfer financial services to eligible participants.

The enclosed requirements are to be adhered to in regards to funding for electronic payment costs.

All state entities desiring to impose a transaction fee must comply with the enclosed requirements.

All applications that utilize merchant cards or electronic funds transfer (EFT) transactions as a method of payment via the Worldwide Web shall provide for the generation of a confirmation of the transaction at the time of the order. Confirmations shall adhere to the Office of State Controller Policy on “Security and Privacy of Data,” regarding the disclosure of confidential information.

For Merchant card transactions, the rules governing disputes are established by national card associations (e.g., MasterCard and Visa) or by other similar organizations for proprietary cards (e.g., American Express and Discover). For electronic funds transfer transactions, the rules governing disputes are established by the National Automated Clearing House Association (NACHA). Various laws and regulations may also apply, including the Federal Reserve Bank’s Regulation E.

All State agencies or other participants utilizing Merchant Card services, whether through the OSC’s Master Services Agreement or under separate arrangement, shall develop procedures to ensure compliance with the Processor’s operating guide regarding the obtaining of authorizations. Prior to the finalization of a merchant card transaction, an authorization approval code must be obtained from the merchant card processor. Real-time authorization shall be the preferred method, with the telephone authorization being the alternative method. Finalization of a transaction shall include both fulfillment of a sale or acceptance of an accounts payable, and the monetary settlement of the transaction.

All State agencies or other participants utilizing Electronic Funds Transfer (EFT), whether through the OSC’s Master Services Agreement or under separate arrangement, shall develop procedures to ensure compliance with all NACHA operating rules, specifically as they pertain to Receiver (i.e. citizen or business) Authentication and Authorization, before originating debit or credit entries against the Receiver’s account (Article Two). This includes signed or written authorizations provided electronically in accordance with the Electronic Signatures in Global and National Commerce Act (15 U.S.C §7001 et seq.) which defines electronic records (as contracts or other records created, generated, sent, communicated, received, or stored by electronic means) and electronic signatures.

The Office of the State Controller (OSC) will periodically consider the types of merchant cards that may be appropriate to be accepted as a means of payment by entities participating under a master services agreement provided by the State Controller, and participating entities shall adhere to the guidelines prescribed herein.

All participants in the State Controller’s Master Services Agreement for Merchant Card Services, as well as State agencies engaging in separate arrangements, are to devise a security incident response plan that incorporates the requirements of the Payment Card Industry Security Council. For those State agencies falling under the purview of The State Chief Information Officer, the incident response requirements defined by the Office of Information Technology Services (ITS) should also be incorporated.

Not withstanding any conflict with the “Security and Privacy of Data Policy” or with the Master Services Agreement with the merchant card vendor, the enclosed requirements are to be adhered to.

To leverage the established state enterprise agreement between Division of Purchase & Contract (P&C) and a commercial card vendor bank, state agencies requiring procurement card services and/or payment card services shall acquire either or both services through P&C.

All participants in any of the Master Services Agreements (i.e., Merchant Card Services and Electronic Funds Transfer Financial Services), as well as State agencies engaging in separate arrangements, are to adhere to the appropriate security and privacy requirements that may govern the entity. Not withstanding any conflict with policies of The Office of Information Technology Services (ITS), the enclosed requirements are to be adhered to.