about the north carolina office of the state controller

SECP News/System Status

Date Time Announcement
03/07/2014 8:00 am

14-26 Merchant Card Processing

 


2013
2012

2011
2010
2009

2008
02/06/2008 8:00am On February 6, 2008, the PCI Security Standards Council announced that its updated Self Assessment Questionnaire (SAQ) for merchants and service providers is now available. The updated SAQ reflects the requirements specified in the PCI Data Security Standard version 1.1. The new version of the SAQ actually has four different sub-versions (A,B,C, and D). The sub-version to be used by a merchant depends upon the manner in which the merchant processes merchant cards. Information on the updated SAQ can be found at the following link: https://www.pcisecuritystandards.org/tech/saq.htm
03/27/2008 4:00pm The Office of the State Controller will hold its second annual E- Commerce Conference on April 23, 2007 at the McKimmon Center in Raleigh. The focus of the conference will be on assisting agencies in identifying how they can more fully participate in E-Commerce, for both disbursement and collection of funds. Registration information may be found at: http://qa.osc.nc.gov/cpe/courses.html
04/24/2008 10:55am

The State Controller has entered into a master services agreement with Discover Network Card, under which agencies can participate on an optional basis. Enrollment will be available May 1.

The Office of Information Technology Services (ITS) has announced a 15% reduction in the fee that the Common Payment Service (CPS) charges for processing merchant card transactions. The per transaction fee has been reduced from $.41 to $.35, effective April 1, 2008.

04/30/2008 10:05am MyClientLine is currently experiencing problems and unavailable. The problem is being worked on; however, at this time there is no current estimate for the resumption of normal service.
04/30/2008 1:00pm MyClientLine is expected to be available again at 3pm.
04/30/2008 4:30pm The State Controller has prepared and submitted to the General Assembly a report entitled, "Electronic Commerce Task Force Report - 2008" The report provides an assessment of the current environment and provides recommendations to expand ecommerce in state government.
06/23/2008 9:30am An enhancement is being made to the utilization of the PCI Data Security "Compliance Validation Service” available through Trustwave, a qualified security assessor. Beginning in July 2008, all participants in the merchant card services MSA are required to be enrolled in the service, even if scanning services are not needed. Click here for information regarding the new process.
09/30/2008 2:40pm Wachovia Connection is currently having technical difficulties. The problem is being worked on; however, at this time there is no current estimate for the resumption of normal service.
10/01/2008 5:00pm

The PCI Security Council has released version 1.2 of the PCI Data Security Standard. The policy and related information may be viewed at: https://www.pcisecuritystandards.org/

The State Controller issued a policy entitled, PCI Data Security Compliance, to assist participants in being and remaining compliant with the PCI Data Security Standard.

10/01/2008 5:00pm The following memorandum has been posted: PCI Data Security Compliance Policy
11/10/2008 11:30pm OSC has changed its email convention. All email correspondence relating to the Statewide E-Commerce Program (SECP) should now be sent to osc.secp.info@osc.nc.gov, replacing the suffix “@ncosc.net.” The new suffix applies to the email address of OSC staff members as well.
11/14/2008 9:50am Webinars offered by the PCI Security Council are now available on the Council’s website: https://www.pcisecuritystandards.org/education/webinars.shtml.
12/10/2008 1:00pm There is a credit card fraud scheme prevalent among non-profit organizations to which agencies may be susceptible. A document entitled "Fraud Detection Services for Card-Not-Present Transactions" can be viewed at: http://www.osc.nc.gov/SECP/Card_Fraud_Detection.pdf
2007
01/19/2007 11:35am A recent press announcement was made regarding a data security breach at a large retailer. The incident underscores the need for all businesses, including government agencies, to handle customer payment card data with the utmost vigilance. Being a member of the PCI Security Council, OSC fully supports the need for greater education and adherence with the PCI Data Security Standard (PCI DSS). Information regarding the PCI DSS can be found on the OSC site.

Click here to read more about the incident.

02/02/2007 3:10pm The State Controller has entered into a master agreement with American Express, under which agencies can participate on an optional basis. Enrollment is now available.
02/08/2007 2:15pm The State Controller has issued a new E-Commerce Policy entitled, "Merchant Cards Security Incident Plan." This policy should be adhered to when developing a security incident plan as required by the PCI Data Security Standard. All E-Commerce policies can be viewed at the following link:

http://www.osc.nc.gov/SECP/SECP_Policies.html

03/07/2007 2:05pm The State Controller has published a document entitled, "Statewide Electronic Commerce Program Status Report." The report has been provided to the State's leadership in order to identify issues requiring attention, which is necessary to help state government move closer to a paperless environment.
03/26/2007 4:25pm The Office of the State Controller will hold its first E-Commerce Conference on May 7, 2007. The focus of the conference will be on assisting agencies in identifying how they can more fully participate in E-Commerce, for both disbursement and collection of funds. Registration information may be found at: http://qa.osc.nc.gov/cpe/courses.html
04/17/2007 11:30am Effective April 13, 2007 a new "Schedule C - Visa and MasterCard's Interchange Qualification Data" becomes effective.  A new component of the interchange pass through cost is a fee referred to as the "Visa and MasterCard Access Fees," which is $.0075 per settled transaction.  The Access Fees have an April 1 effective date.
06/12/2007 5:00pm The E-Commerce Policy entitled, "Maximization of Electronic Payments" has been revised, effective June 1, 2007. The revision recognizes new electronic payment solutions that are now available to agencies. The revision recognizes more options for an agency to consider for disbursements, including debit cards and payroll cards. The revision also allows the State Controller to pre-approve third-party gateway service providers that may be utilized to accommodate an agency's Web capture needs. The revised policy can be viewed at the following link: http://www.osc.nc.gov/SECP/SECP_Policies.html
10/02/2007 9:15am On September 18, AmbironTrustWave (ATW), the State's contracted Qualified Security Assessor (QSA) announced the change of their brand name to Trustwave. Whenever documentation on OSC's website refers to ATW, it now refers to Trustwave.
10/23/2007 5:00pm Effective October 12, 2007 a new "Schedule C - Visa and MasterCard's Interchange Qualification Data" becomes effective. See the link under the Merchant Card Master Services Agreement.
10/24/2007 8:00am

The online tool provided by SunTrust Merchant Services called "MyMerchantView" is being replaced by a new online tool called "ClientLine."  A series of Webinar sessions are being offered to explain ClientLine. The Webinars require registration.

10/25/2007 11:15am Wachovia Connection is currently unavailable. The problem is being worked on; however, at this time there is no current estimate for the resumption of normal service.
10/25/2007 1:15pm Wachovia Connection is now available.
10/31/2007 4:00pm The State Controller sent a memo to the chief fiscal officers of the three sectors of government regarding an E-Commerce Survey that is being required to be completed. The memo can be view at the following site. http://www.osc.nc.gov/SECP/SECP_Task_Force.html
11/27/2007 2:30pm The master services agreement with STMS has been amended to grant participants the option to truncate the cardholder account number that is printed on the merchant's copy of sales slips. The associated change has also been made to the policy entitled, "Security and Privacy of Data."   Click here to view the State Controller's memo pertaining to this change.

2006
8/17/2006 11:30am

The SECP site has been redesigned to reflect the changes in the Master Services Agreement provider and to offer more information about the program.

8/25/2006 3:00pm "Participants in the Master Services Agreement (MSA) for processing merchant cards have until October 31, 2006 to complete the tasks to transition to the new MSA with SunTrust Merchant Services. Three windows to convert have been established. The first window was from August 1 to August 25. The second window is from August 26 to September 26. The third window is from September 27 to October 26. Conversion by the 26th of a given month will result in the fees for that month being retroactive to the first day of that month. Delays in transitioning will result in a participant paying $.108 per transaction instead of $.04 per transaction. "
8/30/2006 12:40pm "There have been some changes in OSC's help desk operation, which is now called ""OSC Support Services Center."" Two trained analysts will be taking calls pertaining to SECP and assisting the user. If there are issues that need to be escalated to a second level analyst, the caller will be given a HEAT ticket number and the issue will be sent to the next level for resolution. When calling the Support Services Center, telephone 919-875-HELP (4357), choose Option 2 for SECP issues. "
9/26/2006 9:25am "A revised PCI Security Data Standard has been issued by the newly formed PCI Security Council. Version 1 has been enhanced and is being replaced by Version 1.1, effective September 7, 2006. There is a phase out period, and Version 1 may no longer be used for PCI DSS compliance validation after December 31, 2006. "
10/17/2006 11:45am "Since the inception of the State's arrangements with SunTrust Merchant Services, STMS has issued several versions of its ""Operating Guide,"" which is a critical component of the Master Services Agreement (MSA). The version of the Operating Guide that applies to participants of the the State's MSA dated August 1, 2006 is version OPSG801. The Operating Guide can be viewed on the OSC SECP Website on the page entitled, ""Merchant Card Master Services Agreement."" As specified by Section 3 of the ""Merchant Bankcard Services Agreement,"" all Participants are required to follow the procedures in the Operating Guide, and if there is any conflict between the terms of the ""Merchant Bankcard Services Agreement"" and the ""Operating Guide,"" the terms of the Agreement will govern. Should a different version of the Operating Guide apply in the future, the revised Guide will be posted on the OSC SECP Website. "
10/20/2006 9:45am The State's old contract with STMS for merchant card services expires October 31. Participants not yet transitioned to the new contract put into place August 1 must have their enrollment forms into OSC no later than October 26 in order to allow sufficient time for both OSC and DST to execute the forms prior to forwarding them to STMS.  Forms received by this date will result in the new pricing schedule being effective retroactive to October 1. Forms received by OSC after October 26 but prior to October 31, will be processed, but the new pricing schedule will not become effective until November 1.  Forms received after October 31, will be processed, but participants should be aware of the risk of services being discontinued by STMS.  If problems with obtaining PCI compliance are being experienced, the enrollment forms should still be submitted by the October 26 date, so the forms can be processed by OSC and DST timely.  Please contact OSC's Support Services Center at 919-875-4357 if assistance is needed in completing the enrollment forms.
11/03/2006 12:50pm All enrollment forms to convert to the new MSA with STMS that were received by OSC on or prior to October 26 were processed, which should result in the invoicing for the month of October reflecting the new price of $.04 per transaction. Participants should inspect their October invoices received from STMS to ascertain that STMS set the account up properly. Participants should notify OSC if the invoices appear to be incorrect. Enrollment forms received by OSC after October 26 were processed with the new rate becoming effective November 1.
11/16/2006 10:00am One of the negotiated enhancements of the new Master Services Agreement for merchant card processing was STMS agreeing to provide a second frame relay circuit  as a backup connection for the the Common Payment Service (CPS) gateway, instead of an ISDN line as the backup connection.  Effective November 13, the new frame relay connection was put into place as the primary backup.  As an extra measure of protection, the ISDN line will be retained as a secondary backup. This enhancement provides participants that use the CPS as their gateway with more reliability.


News Updates
Status Updates