about the north carolina office of the state controller

SECP News/System Status

Date Time Announcement
02/14/2013 9:30 am

Today the PCI Security Standards Council (PCI SSC), an open, global forum for the development of payment card security standards published the PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users. The guidance educates merchants on the factors and risks that need to be addressed in order to protect card data when using mobile devices, such as smart phones and tablets, to accept payments.

PCI SECURITY STANDARDS COUNCIL RELEASES GUIDANCE FOR MERCHANTS ON MOBILE PAYMENT ACCEPTANCE SECURITY:

https://www.pcisecuritystandards.org/pdfs/13_02_13_Mobile_Press_Release.pdf
02/07/2013 9:30 am

Today the PCI Security Standards Council (PCI SSC), an open, global forum for the development of payment card security standards published the PCI DSS Cloud Computing Guidelines Information Supplement, a product of the Cloud Special Interest Group (SIG). Businesses deploying cloud technology can use this resource as a guide for choosing solutions and third-party cloud providers that will help them secure their customer payment data and support PCI DSS compliance.

PCI SECURITY STANDARDS COUNCIL RELEASES PCI DSS CLOUD COMPUTING GUIDELINES:

https://www.pcisecuritystandards.org/pdfs/pr_130205_Cloud_SIG.pdf
01/31/2013 9:30 am

Today the PCI Security Standards Council (PCI SSC), an open, global forum for the development of payment card security standards published the PCI DSS E-commerce Guidelines Information Supplement, a product of the E-commerce Security Special Interest Group (SIG). Businesses selling goods and services over the Internet can use this resource as a guide for choosing e-commerce technologies and third-party service providers that will help them secure customer payment data and support PCI DSS compliance efforts.

PCI SECURITY STANDARDS COUNCIL RELEASES PCI DSS E-COMMERCE SECURITY GUIDELINES:

https://www.pcisecuritystandards.org/pdfs/pr_130130_ecommerce_sig.pdf
09/11/2012 3:50 pm

2012 E-Commerce Conference
The Office of the State Controller will hold its 2012 E- Commerce Conference on October 30, 2012 at the North Carolina State University McKimmon Center in Raleigh.

E-Commerce Announcement
E-Commerce Conference Agenda

To register for this conference, click on the following link: http://www.zoomerang.com/Survey/WEB22GK9SJST6Y
07/10/2012 9:15 am Common Payment Service Fee Reduction
The per card transaction fee charged by the Common Payment  Service (CPS) for processing card transactions has been reduced from $0.28 to $0.23.  The 18% reduction was effective for June transactions and will be reflected in the ITS July billing.   This rate reduction is the second in the last two years, with the last reduction effective July 1, 2010
06/13/2012 11:00 am

Wells Fargo EFTs
After reviewing the most recent invoices sent by Well Fargo for Electronic Funds Transfer we believe the majority of the billed items to be accurate.  There are 3 outstanding items that if found to be inaccurate can be credited back to each agency.  Therefore, agencies should pay their outstanding invoices and should not hold payments past the fiscal year.

04/19/2012 4:30 pm

Communication from Wells Fargo
We want to thank all of the agencies for your work and support.  We are glad to communicate that we have completed the formal aspects of the bank conversion and that all systems and services are performing well.


As expected, we are still working on the billing aspect of the analysis systems.  We want to provide an update to address and eliminate any of the confusion.

  • The analysis for the month of January was produced on the Wells Fargo system and is correct.  An agency would have received this in February.  As always there may be some minor adjustments for a particular agency that we will address.  The expectation is that agencies should have paid or should pay their invoice for the month of January.
  • As expected, the invoice for the month of February is not 100% accurate and should not be paid at this time.  In some cases, an agency may have received multiple invoices for February.  Regardless, these should not be paid until we provide an update.  If you have already paid, and the final invoice differs from the one that was paid, the agency will receive credit for the amount of the payment.
  • We expect invoices for the month of March to be sent prior to the end of April.  However, the invoice for the month of March will not be 100% accurate and should not be paid.
  • We expect to provide the final invoices for the months of February and March early during the month of May.
  • Please disregard any notices that an agency may receive regarding unpaid invoices for February.
  • Remember that when we speak of a particular month, the invoice normally is sent in the following month.  As an example, the invoice for the month of January that an agency would have received in February is accurate.  The invoice that an agency may have received in March for the month of February is the one that is not 100% accurate.
  • An agency will have the option of seeing the Account Analysis via CEO.  As these are corrected, we expect the system to be updated with the new information.
  • If an agency has paper copies of Account Analysis for the month of February (and for the month of March in the next week or so), our suggestion would be that the agency shred,  or destroy those copies so an agency will not confuse it with the updated Account Analysis.
12/29/2011 2:05 pm

Visa Announces U.S. Participation in Global Point-of-Sale Counterfeit Liability Shift – Effective October 1, 2015. http://usa.visa.com/download/merchants/bulletin-us-acquirer-mandate-080911.pdf
This policy assigns liability for counterfeit fraud to the party that has not made the investment in EMV chip cards(issuers) or terminals (merchants’ acquirers).  The policy encourages wider deployment of EMV cards and terminals.
11/08/2011 4:25 pm

Wachovia/Wells Fargo CEO Credential Migration
On December 10th, users on the merchant card and EFT contracts that use Wachovia Connection will transition from the Wachovia Global Connect portal to the CEO portal. You will automatically be prompted to go through the CEO New User Setup process after you log in to the Wachovia Global Connect portal.  The CEO portal will be your new home page, and you will access your Wachovia online services under My Services on that page.   Alerts in Wachovia Connection will begin on November 10, 2011.

In an effort to share with you what this process will look like for you, please ensure that you AND your users review the CEO Portal First-Time User Tour (Flash).

Obtaining  new log-in credentials:
You are scheduled to transition to the CEOportal, the system will prompt you through the CEONew User Setup process after you log in to the Wachovia Global Connectportal. You will complete this process in a few simple steps by creating a password, receiving your new CEOportal credentials (company ID and user ID), and establishing your CEOsecret questions and answers. Please remember your new credentials, as you will need them every time you log in to the CEOportal.

  • Your new credentials will replace the Wachovia Global Connect log-in credentials you currently use.
  • You will be able to access your Wachovia online services through the Wells Fargo CEO portal using your new credentials.

The New User Set Up process includes a few simple steps:

  1. create a password
  2. receive your new CEO portal credentials (company ID and user ID)
  3. establish your CEO portal secret questions and answers.
  4. You will use your new credentials every time you log in to the CEO portal and RDC 2.0. Please print the New User Setup confirmation screen for your records.

Additional CEO Migration Resources:

If you have any questions, please contact the OSC Support Services Center at 919-707-0795.
07/27/2011 4:15 pm

Schedule C Revision
The Spring 2011 “Association Interchange Compliance Guide” has been revised to incorporate the current fees levied by Visa, MasterCard, and the debit networks. Merchants should note there are some minor additional “pass through” fees for MasterCard which include the processing integrity fee (misuse fee) at $.045 which matches what Visa has been charging and the account status inquiry fee at $.025 (US issued card) or $.03 (non US issued card).  Both of these new MasterCard fees are effective June 14, 2011.  Effective October 1, 2011 (per the Federal Reserve Bank’s Regulation II), the interchange and switch fees for PIN debits depend upon the asset size of the card issuer and which card network the card is cleared through (e.g., NYCE, STAR, etc.)
http://www.osc.nc.gov/SECP/Schedule%20C-VisaandMasterCardIDQ.pdf

07/06/2011 10:30am

Regulation II - Wall Street Reform and Consumer Protection Act (H.R.4173) requires the Federal Reserve Board  to establish standards for debit card interchange fees and prohibiting exclusivity arrangements and routing restrictions.  A final rule (Regulation II) was issued by the Federal Reserve Board on June 29, 2011.  For more information on the ruling see the Federal Reserve Board release http://www.federalreserve.gov/newsevents/press/bcreg/20110629a.htm.

06/14/2011 3:30 pm

STMS Contract Renewal and Fee Revision – The merchant card services contract with STMS has been renewed for an additional year.  The renewal provides for a revision of the vendor-levied “per transaction” fee, from $.04 to $.0425, effective July 1, 2011.  The incremental increase of $.0025 is to offset PCI Data Security validation services provided the participants. Refer to the memo at http://www.osc.nc.gov/SECP/11-51_Merchant_Cards_Contract_Renewal.pdf
01/31/2011 2:40 pm

IRS Code Section 6050W – The IRS has a new code that will result in card merchant agencies receiving a Form 1099-K in January 2012, for card transactions beginning January 1, 2011.  In preparation for the receipt of the Form 1099-K, it is important that the card processors (i.e., STMS / First Data, American Express, and Discover) have the agency’s correct Tax Identification Number (TIN) and “legal name” (as on file with the IRS).  Notices received from a card processor asking for the agency’s correct TIN and/or legal name should be responded to.  Refer to the following link for additional information:    http://www.irs.gov/govt/fslg/article/0,,id=226894,00.html
11/09/2010 3:20 pm

PCI Standards Version 2.0 - The PCI Security Standards Council has released Version 2.0 of both the PCI Data Security Standard (PCI-DSS) and the Payment Application Data Security Standard (PA-DSS).  The new standards become effective January 1, 2011.  More info can be viewed at https://www.pcisecuritystandards.org/pdfs/pr_101028_standards_2.0.pdf .
10/20/2010 2:00pm

Durbin Amendment – Federal legislation recently enacted (H.R.4173 - Wall Street Reform and Consumer Protection Act) has several provisions impacting government entities accepting credit and/or debit cards.  Notable provisions that went into effect July 2010 are as follows: 1) A merchant can now set a minimum amount for which it will accept a credit card payment, provided the minimum amount does not exceed $10.00 (provision applies to all merchants, but does not apply to debit cards); 2) An institution of higher education (university or community college) can now set a maximum amount for which it will accept a credit card payment (provision does not apply to debit cards, or to general government agencies or local units of government); 3) All merchant agencies can now offer a discount for any given form of payment (e.g., provide a discount for paying by cash, check, or debit card versus credit card).  Government entities should examine the federal legislation in detail, as there are additional requirements and/or exclusions that may apply when implementing any of the provisions referenced.  See Durbin Amendment contained in the legislation (pages 693-699). http://www.sec.gov/about/laws/wallstreetreform-cpa.pdf
10/07/2010 9:00 am

Schedule C Revision: The Fall 2010 “Association Interchange Compliance Guide” has been revised to incorporate the current fees levied by Visa, MasterCard, and the debit networks. Merchants should note the best “interchange rate” available to most public sector merchants remain the same: MasterCard “Enhanced Public Sector” – 1.55% plus $.10; and Visa “CPS Retail 2 Emerging Market” – 1.43% plus $.05. An agency may or may not qualify for the best interchange rate available, depending upon its capture method and the type of card being presented. The Assessment Fee for both brands is now .11%. See revised Schedule C for more information, including rates for the various PIN debit cards and other fees that may apply. These fees represent the “pass-through” fees associated with accepting merchant cards.
 http://www.osc.nc.gov/SECP/ScheduleC-VisaandMasterCardIQD.pdf
07/19/2010 4:05 pm

Card Program 10th Anniversary - July 1, 2010, marked the 10th anniversary of the statewide enterprise program that allowed agencies to accept merchant cards for payments.  During the past three years, the volume has doubled, while over the past five years the volume has tripled. Transaction activity for the Fiscal Year ending June 30, 2010 showed that over 9 million card transactions, totaling nearly $800 million, were processed by various state agencies during the year.
07/19/2010 4:05 pm

Common Payment Service Fee Reduction - The per card transaction fee charged by the Common Payment  Service (CPS) for processing card transactions has been reduced from $.035 to $.28.  The 20% reduction was effective July 1, 2010 and will be reflected in the ITS August billing.  This rate reduction demonstrates the economies of scale that can be achieved when agencies subscribe to an enterprise service.
04/19/2010 9:50 am

Schedule C Revision: The Spring 2010 “Association Interchange Compliance Guide” has been revised to incorporate the current fees levied by Visa, MasterCard, and the debit networks. Merchants should note there are some minor fee increases for: 1) Some of the PIN debits networks; 2) MasterCard’s increase in the “assessment fee” from .095% to .11% per transaction amount, effective April 1, 2010; and 3) Visa’s increase in the “assessment fee” from .0925% to .11% per transaction amount, effective July 1, 2010 . See revised Schedule C for more information.
 http://www.osc.nc.gov/SECP/ScheduleC-VisaandMasterCardIQD.pdf
04/14/2010 12:07pm

Schedule C - The Spring 2010 “Association Interchange Compliance Guide” has been revised to incorporate the current fees levied by Visa, MasterCard, and the debit networks. Merchants should note there are some minor fee increases for: 1) Some of the PIN debits networks; and 2) MasterCard’s increase in the “assessment fee” from .095% to .1100% per transaction amount. See revised Schedule C for more information.
 http://www.osc.nc.gov/SECP/ScheduleC-VisaandMasterCardIQD.pdf
04/05/2010 9:10 am

PCI-PTS Standard - Effective July 1, 2010, Visa will be enforcing the “PCI PIN Transaction Security (PCI-PTS) Standard.”  The standard was first announced in 2008 and was previously known as the PIN Entry Device (PCI-PED) standard.  The standard requires all POS terminals that accept PIN based debit cards to have triple DES encryption.  For merchants purchasing new POS equipment in the last five years, this should not be an issue.  All agencies accepting PIN based debit cards are advised to inspect their POS devices and ascertain if the terminals are compliant.  Replacement of non-complaint POS terminals prior to July 1, 2010 will be necessary if PIN based debit cards are being accepted. Information on the standard can be found at the following link: https://www.pcisecuritystandards.org/security_standards/ped/index.shtml
01/25/2010 8:15am Visa Misuse Authorization Fee – Effective October 1, 2009, Visa began implementing a Misuse of Authorization System Fee at $0.045 per item. This fee applies to authorized transactions that are not followed by a matching Visa cleared (settled) transaction (or in the case of a canceled transaction, not properly reversed). The fee can be avoided by clearing (settling) your transactions within 10 days of authorization for all MCCs, with the exception of Travel & Entertainment Merchants which must clear within 20 days. If an authorization is not needed, the authorization must be electronically reversed within 24 hours for card present authorizations, or 72 hours for card-not-present authorizations.
11/01/2009 2:45pm Effective October 1, 2009, the Diners Club Card is no longer being processed by MasterCard, but by Discover Financial Services. This is the result of Discover acquiring Diners Card International from Citi. The effect on a participating merchant will depend on whether the merchant currently subscribes to the Discover Network (i.e., accepts the Discover Card). A merchant that does not have an arrangement with Discover will find that the Diners Card International can no longer be processed through STMS (the processor of Visa and MasterCard transactions).
11/02/2009 8:00am Trustwave Holdings, Inc. has been re-selected as the PCI Security Compliance Services vendor, with the new contract period being for three years, through October 2012. Trustwave will continue to provide remote validation services (online Self-Assessment Questionnaire) and external vulnerability scanning (for those having capture solutions with external facing IP addresses) to participating merchants under the STMS master services agreement. The OSC will continue to pay for these basic services provided by Trustwave. Participants requiring specific supplemental remediation services relating to PCI compliance can subscribe to such services from Trustwave on an optional basis.
07/29/2009 11:00am The State Controller has issued an “IAT Rules Advisory” to alert and assist agencies that originate electronic payments through the ACH Network, regarding an important regulatory rule that becomes effective September 18, 2009. The advisory can be viewed at http://www.osc.nc.gov/SECP/SECP_IAT_Rules.html
05/05/2009 3:00pm A series of webinars will be offered to participants of the merchant card contract regarding the online reporting tools – ClientLine and EIDS. The webinars are being held the last part of May. Enrollment information can be viewed at: http://www.osc.nc.gov/cpe/courses.html
04/20/2009 8:45am The Spring 2009 fee schedules have been issued by Visa, MasterCard, and the debit networks. Merchants should note there are some significant fee increases for: 1) Some of the PIN debits networks, as the caps have been removed; and 2) Visa and MasterCard have each increased their “access fee,” which is now approximately $.02 per transaction. The fees take effect on various dates. See Merchant Card Fees document for more information.
04/06/2009 5:00pm An optional gateway service is now available to participants of the STMS master services agreement, allowing participants to subscribe to the PayPoint gateway service, which offers a web capture solution for participants that do not have the internal expertise or resources to develop an internal web capture application of its own. View Information on the gateway service.
03/31/2009 3:00pm The Common Payment Service (CPS) gateway will be unavailable for an extended period of time on Sunday, May 3, from 12:00 midnight until 12:00 noon. CPS will undergo annual maintenance to re-encrypt the CPS database with a new encryption key, a new requirement of the PCI Data Security Standard. Any questions regarding this event should be addressed to the ITS Service Desk at 919-754-6000 or 800-722-3946, with a reference to Change Request 9808.
03/20/2009 12:20pm

The gateway capture solution available under the STMS contact, previously known as “YourPay,” is now called “First Data Global Gateway.”

The First Data Global Gateway will be unavailable for several hours during the early morning hours of April 19. An outage is necessary to perform a scheduled migration of the Online and Settlement systems. It will affect all activities on the First Data Global Gateway including API, Connect, and the Virtual Terminal. Please contact your Account Specialist if you have any questions.

01/22/2009 12:00pm To assist agencies that utilize third-party “service providers” for processing merchant cards, to ensure compliance with the PCI Data Security Standard, OSC has prepared a document entitled, ”PCI Data Security Validation for Service Providers.” The document references a “Sample Addendum for Requirement 12.8” for the agency’s potential use.
2008
02/06/2008 8:00am On February 6, 2008, the PCI Security Standards Council announced that its updated Self Assessment Questionnaire (SAQ) for merchants and service providers is now available. The updated SAQ reflects the requirements specified in the PCI Data Security Standard version 1.1. The new version of the SAQ actually has four different sub-versions (A,B,C, and D). The sub-version to be used by a merchant depends upon the manner in which the merchant processes merchant cards. Information on the updated SAQ can be found at the following link: https://www.pcisecuritystandards.org/tech/saq.htm
03/27/2008 4:00pm The Office of the State Controller will hold its second annual E- Commerce Conference on April 23, 2007 at the McKimmon Center in Raleigh. The focus of the conference will be on assisting agencies in identifying how they can more fully participate in E-Commerce, for both disbursement and collection of funds. Registration information may be found at: http://qa.osc.nc.gov/cpe/courses.html
04/24/2008 10:55am

The State Controller has entered into a master services agreement with Discover Network Card, under which agencies can participate on an optional basis. Enrollment will be available May 1.

The Office of Information Technology Services (ITS) has announced a 15% reduction in the fee that the Common Payment Service (CPS) charges for processing merchant card transactions. The per transaction fee has been reduced from $.41 to $.35, effective April 1, 2008.
04/30/2008 10:05am MyClientLine is currently experiencing problems and unavailable. The problem is being worked on; however, at this time there is no current estimate for the resumption of normal service.
04/30/2008 1:00pm MyClientLine is expected to be available again at 3pm.
04/30/2008 4:30pm The State Controller has prepared and submitted to the General Assembly a report entitled, "Electronic Commerce Task Force Report - 2008" The report provides an assessment of the current environment and provides recommendations to expand ecommerce in state government.
06/23/2008 9:30am An enhancement is being made to the utilization of the PCI Data Security "Compliance Validation Service” available through Trustwave, a qualified security assessor. Beginning in July 2008, all participants in the merchant card services MSA are required to be enrolled in the service, even if scanning services are not needed. Click here for information regarding the new process.
09/30/2008 2:40pm Wachovia Connection is currently having technical difficulties. The problem is being worked on; however, at this time there is no current estimate for the resumption of normal service.
10/01/2008 5:00pm

The PCI Security Council has released version 1.2 of the PCI Data Security Standard. The policy and related information may be viewed at: https://www.pcisecuritystandards.org/

The State Controller issued a policy entitled, PCI Data Security Compliance, to assist participants in being and remaining compliant with the PCI Data Security Standard.
10/01/2008 5:00pm The following memorandum has been posted: PCI Data Security Compliance Policy
11/10/2008 11:30pm OSC has changed its email convention. All email correspondence relating to the Statewide E-Commerce Program (SECP) should now be sent to osc.secp.info@osc.nc.gov, replacing the suffix “@ncosc.net.” The new suffix applies to the email address of OSC staff members as well.
11/14/2008 9:50am Webinars offered by the PCI Security Council are now available on the Council’s website: https://www.pcisecuritystandards.org/education/webinars.shtml.
12/10/2008 1:00pm There is a credit card fraud scheme prevalent among non-profit organizations to which agencies may be susceptible. A document entitled "Fraud Detection Services for Card-Not-Present Transactions" can be viewed at: http://www.osc.nc.gov/SECP/Card_Fraud_Detection.pdf
2007
01/19/2007 11:35am A recent press announcement was made regarding a data security breach at a large retailer. The incident underscores the need for all businesses, including government agencies, to handle customer payment card data with the utmost vigilance. Being a member of the PCI Security Council, OSC fully supports the need for greater education and adherence with the PCI Data Security Standard (PCI DSS). Information regarding the PCI DSS can be found on the OSC site.

Click here to read more about the incident.

02/02/2007 3:10pm The State Controller has entered into a master agreement with American Express, under which agencies can participate on an optional basis. Enrollment is now available.
02/08/2007 2:15pm The State Controller has issued a new E-Commerce Policy entitled, "Merchant Cards Security Incident Plan." This policy should be adhered to when developing a security incident plan as required by the PCI Data Security Standard. All E-Commerce policies can be viewed at the following link:

http://www.osc.nc.gov/SECP/SECP_Policies.html
03/07/2007 2:05pm The State Controller has published a document entitled, "Statewide Electronic Commerce Program Status Report." The report has been provided to the State's leadership in order to identify issues requiring attention, which is necessary to help state government move closer to a paperless environment.
03/26/2007 4:25pm The Office of the State Controller will hold its first E-Commerce Conference on May 7, 2007. The focus of the conference will be on assisting agencies in identifying how they can more fully participate in E-Commerce, for both disbursement and collection of funds. Registration information may be found at: http://qa.osc.nc.gov/cpe/courses.html
04/17/2007 11:30am Effective April 13, 2007 a new "Schedule C - Visa and MasterCard's Interchange Qualification Data" becomes effective.  A new component of the interchange pass through cost is a fee referred to as the "Visa and MasterCard Access Fees," which is $.0075 per settled transaction.  The Access Fees have an April 1 effective date.
06/12/2007 5:00pm The E-Commerce Policy entitled, "Maximization of Electronic Payments" has been revised, effective June 1, 2007. The revision recognizes new electronic payment solutions that are now available to agencies. The revision recognizes more options for an agency to consider for disbursements, including debit cards and payroll cards. The revision also allows the State Controller to pre-approve third-party gateway service providers that may be utilized to accommodate an agency's Web capture needs. The revised policy can be viewed at the following link: http://www.osc.nc.gov/SECP/SECP_Policies.html
10/02/2007 9:15am On September 18, AmbironTrustWave (ATW), the State's contracted Qualified Security Assessor (QSA) announced the change of their brand name to Trustwave. Whenever documentation on OSC's website refers to ATW, it now refers to Trustwave.
10/23/2007 5:00pm Effective October 12, 2007 a new "Schedule C - Visa and MasterCard's Interchange Qualification Data" becomes effective. See the link under the Merchant Card Master Services Agreement.
10/24/2007 8:00am

The online tool provided by SunTrust Merchant Services called "MyMerchantView" is being replaced by a new online tool called "ClientLine."  A series of Webinar sessions are being offered to explain ClientLine. The Webinars require registration.
10/25/2007 11:15am Wachovia Connection is currently unavailable. The problem is being worked on; however, at this time there is no current estimate for the resumption of normal service.
10/25/2007 1:15pm Wachovia Connection is now available.
10/31/2007 4:00pm The State Controller sent a memo to the chief fiscal officers of the three sectors of government regarding an E-Commerce Survey that is being required to be completed. The memo can be view at the following site. http://www.osc.nc.gov/SECP/SECP_Task_Force.html
11/27/2007 2:30pm The master services agreement with STMS has been amended to grant participants the option to truncate the cardholder account number that is printed on the merchant's copy of sales slips. The associated change has also been made to the policy entitled, "Security and Privacy of Data."   Click here to view the State Controller's memo pertaining to this change.

2006
8/17/2006 11:30am

The SECP site has been redesigned to reflect the changes in the Master Services Agreement provider and to offer more information about the program.
8/25/2006 3:00pm "Participants in the Master Services Agreement (MSA) for processing merchant cards have until October 31, 2006 to complete the tasks to transition to the new MSA with SunTrust Merchant Services. Three windows to convert have been established. The first window was from August 1 to August 25. The second window is from August 26 to September 26. The third window is from September 27 to October 26. Conversion by the 26th of a given month will result in the fees for that month being retroactive to the first day of that month. Delays in transitioning will result in a participant paying $.108 per transaction instead of $.04 per transaction. "
8/30/2006 12:40pm "There have been some changes in OSC's help desk operation, which is now called ""OSC Support Services Center."" Two trained analysts will be taking calls pertaining to SECP and assisting the user. If there are issues that need to be escalated to a second level analyst, the caller will be given a HEAT ticket number and the issue will be sent to the next level for resolution. When calling the Support Services Center, telephone 919-875-HELP (4357), choose Option 2 for SECP issues. "
9/26/2006 9:25am "A revised PCI Security Data Standard has been issued by the newly formed PCI Security Council. Version 1 has been enhanced and is being replaced by Version 1.1, effective September 7, 2006. There is a phase out period, and Version 1 may no longer be used for PCI DSS compliance validation after December 31, 2006. "
10/17/2006 11:45am "Since the inception of the State's arrangements with SunTrust Merchant Services, STMS has issued several versions of its ""Operating Guide,"" which is a critical component of the Master Services Agreement (MSA). The version of the Operating Guide that applies to participants of the the State's MSA dated August 1, 2006 is version OPSG801. The Operating Guide can be viewed on the OSC SECP Website on the page entitled, ""Merchant Card Master Services Agreement."" As specified by Section 3 of the ""Merchant Bankcard Services Agreement,"" all Participants are required to follow the procedures in the Operating Guide, and if there is any conflict between the terms of the ""Merchant Bankcard Services Agreement"" and the ""Operating Guide,"" the terms of the Agreement will govern. Should a different version of the Operating Guide apply in the future, the revised Guide will be posted on the OSC SECP Website. "
10/20/2006 9:45am The State's old contract with STMS for merchant card services expires October 31. Participants not yet transitioned to the new contract put into place August 1 must have their enrollment forms into OSC no later than October 26 in order to allow sufficient time for both OSC and DST to execute the forms prior to forwarding them to STMS.  Forms received by this date will result in the new pricing schedule being effective retroactive to October 1. Forms received by OSC after October 26 but prior to October 31, will be processed, but the new pricing schedule will not become effective until November 1.  Forms received after October 31, will be processed, but participants should be aware of the risk of services being discontinued by STMS.  If problems with obtaining PCI compliance are being experienced, the enrollment forms should still be submitted by the October 26 date, so the forms can be processed by OSC and DST timely.  Please contact OSC's Support Services Center at 919-875-4357 if assistance is needed in completing the enrollment forms.
11/03/2006 12:50pm All enrollment forms to convert to the new MSA with STMS that were received by OSC on or prior to October 26 were processed, which should result in the invoicing for the month of October reflecting the new price of $.04 per transaction. Participants should inspect their October invoices received from STMS to ascertain that STMS set the account up properly. Participants should notify OSC if the invoices appear to be incorrect. Enrollment forms received by OSC after October 26 were processed with the new rate becoming effective November 1.
11/16/2006 10:00am One of the negotiated enhancements of the new Master Services Agreement for merchant card processing was STMS agreeing to provide a second frame relay circuit  as a backup connection for the the Common Payment Service (CPS) gateway, instead of an ISDN line as the backup connection.  Effective November 13, the new frame relay connection was put into place as the primary backup.  As an extra measure of protection, the ISDN line will be retained as a secondary backup. This enhancement provides participants that use the CPS as their gateway with more reliability.


News Updates
Status Updates