Laserfiche WebLink
Section 1:Purpose <br />The purpose of this policy is to establish guidelines to ensure safe handling and processing of debit/credit cards for <br />security and compliance with the Payment Card Industry Data Security Standard (PCI DSS). <br />In response to increasing incidents of identity theft,the five major payment card companies (American Express, <br />Discover,JCB,Master Card,and Visa)formed the PCI Security Standards Council,an internally created <br />organization that dictates data security standards by which merchants must adhere to when accepting credit cards. <br />The PCI DSS was enacted to help identify and prevent theft of customer data,and is applicable to all businesses that <br />accept payment cards to procure goods or services.Merchant compliance with this Standard is required and enforced <br />by the payment card companies and generally,noncompliance is discovered when an organization experiences a <br />security breach that includes cardholder data.Security breaches can result in serious consequences,including release <br />of confidential information,damage to reputation,the assessment of substantial fines,possible legal liability,and the <br />potential loss of the ability to accept credit card payments. <br />Section 2:Policy <br />The County has adopted the following policy and departmental procedures for all types of credit card activity <br />transacted in-person where the County appears as the merchant.Individual departments may determine if it is <br />necessary or feasible to accept payments via credit/debit cards by considering the volume and frequency of <br />payments received. <br />All transactions that involve the transfer of credit card information must be performed on systems that are hosted by <br />a PCI compliant provider. <br />Section 3:Specific Policy Provisions <br />1)Types of cards accepted.Departments may only accept merchant cards from credit card associations that <br />have agreements with the vendor(s)utilized by the County. <br />2)Transaction or convenience fees.A transaction fee (convenience/processing fee)shall be charged to cover <br />the cost of permitting a person to complete a credit card transaction and is paid to the vendor,not the <br />county.Pursuant to RCW 36.29.190,a payer desiring to pay by a credit card,charge card,debit card,smart <br />card,stored value card,federal wire,automatic clearinghouse system,or other electronic communication <br />shall bear the cost of processing the transaction as a nominal fee set forth by the vendor.This fee is <br />typically assessed as a percentage of the transaction amount. <br />Section 4:Responsibilities of Departments <br />Departmental responsibilities in the acceptance of the credit/debit cards include the following: <br />1)Funding the initial equipment lease. <br />2)Installation of equipment and training of employees. <br />3)Management of the system,including the following:required receipting,procedures,reconciliation,charge- <br />backs,and communication with the processor. <br />4)Credit card transactions shall only be performed by authorized staff. <br />5)The employee handling the credit card transaction must verify the signature on the card or observe a picture <br />ID. <br />6)An authorization approval code must be obtained from the merchant card processor,with real time <br />authorization being the preferred method or telephone authorization as an alternative. <br />7)If authorization is not received the card cannot be accepted and an alternative means of payment will be <br />required. <br />8)If fraud is suspected the procedures in County Policy 17 Identity Theft Prevention Program shall be <br />followed. <br />Page 3 of8 Pages Effective ,2019