Government agency credit card programs and PCI compliance

August 20, 2019

What’s PCI? All organizations that accept and process card payments must comply with the Payment Card Industry (PCI) Data Security Standard (DSS). This includes government agencies that take credit card payments for constituent services. The cost of noncompliance can be high, so it pays to comply with the PCI DSS.

 

“PCI DSS applies to all entities that process, transmit and/or store cardholder data,” explains Michael Hodge, regional director of payment solutions at U.S. Bank. “If a government agency is processing card payments, then it’s clearly in scope for PCI compliance.”

The Payment Card Industry (PCI) Data Security Standard (DSS) Council is responsible for the global requirements governing the security of cardholder data. Card brands are responsible for enforcement. All merchant services providers, also known as “acquirers,” have the responsibility to report PCI DSS compliance to the data security programs of the card brands.

Major card associations worked together to develop the PCI DSS because of escalating risks related to credit card fraud.

 

PCI DSS includes requirements that address:

  • Security management
  • Policies
  • Procedures
  • Network architecture
  • Software design
  • Other critical protective measures

 

Noncompliance can mean big consequences

PCI DSS compliance and validation requirements apply to government agencies just as they do to other businesses.

“If an organization, such as a government agency, fails to adhere to PCI DSS, they may be assessed fines for noncompliance, and/or may no longer be able to process cards for payment,” Hodge says. Fines vary by card brand and an agency’s assigned PCI level, but they can be as high as hundreds of thousands of dollars.

“Beyond fines, government agencies also need to comply with the standard to maintain constituent trust,” Hodge says. “They should consider it a best practice to protect cardholder data and information.”

“At U.S. Bank, our government agency clients consistently adhere to their PCI DSS compliance, and validate it annually,” Hodge says.

However, Hodge notes the configuration of card processing networks for government agencies — and how these networks speak to one another — can affect how agencies manage and conduct their PCI DSS audit duties. They may be subject to multiple audits and validations, or just one.

“Given that we’re reminded of security breaches daily, it’s imperative that agencies accepting cards recognize and address annual compliance,” Hodge says.

“As long as an agency is the merchant of record, it has compliance responsibility. Once it begins accepting card payments, its compliance duties begin. The agency should be diligent to discuss with its payment acquirer the steps necessary to reach compliance responsibility.”

 

Some government entities may find they have bureaucratic challenges with PCI DSS compliance

Government entities work across agencies and with management to understand their responsibilities, which include the need to examine, establish and maintain a strong data security posture. They also need to understand the costs of annual validation. “As a result, it’s important that they develop a best practices policy for card payment acceptance,” Hodge says.

The PCI DSS Council provides a list of approved companies that can assist you with an audit. Acquirers often recommend a PCI Approved Qualified Security Assessor, but government agencies aren’t required to follow this recommendation.

For more information about PCI DSS compliance, talk to your merchant services provider and visit www.pcisecuritystandards.org. Card brands also offer data security program help:
