Credit And Debit Card Collection Transactions
This chapter consolidates existing guidance and provides the requirements that federal entities must follow when collecting obligations via credit or debit card.
Section 7010—Scope and Applicability
This chapter applies to federal entities that collect or intend to collect obligations via credit or debit card (Card). Card acquiring services are provided by a financial institution that the Bureau of the Fiscal Service (Fiscal Service) designates as its financial agent. The financial agent credits and debits participating federal entities for all Card transactions initiated by federal entities or cardholders for (or in connection with) the collection of obligations. The financial agent may use the services of a merchant acquirer or processor to perform Card authorization, transaction processing or other services on behalf of the financial agent.
In addition to the requirements of this chapter, a federal entity also must comply with and be bound by the rules and regulations governing all credit and debit card transactions accepted by the federal entity (collectively, the Network Rules), any of which may be altered or amended periodically and without notice. A federal entity that fails to comply with any provision of the Network Rules may incur fines and penalties imposed by a network. In the event that the Network Rules conflict with federal law and/or the terms of this chapter, federal law and/or the terms of this chapter take precedence over the Network Rules. If the Network Rules simply provide more specificity or clarity regarding a provision of this chapter, the Network Rules are not to be deemed to conflict with this chapter. If there is an apparent conflict between this chapter and the Network Rules, please notify the Fiscal Service Program Contact.
Network Rules may include:
- The Visa U.S.A. Inc. By-Laws and Operating Regulations; the Visa International Operating Regulations; and any other rules, policies, or requirements of Visa or any of its subsidiaries or affiliates (collectively “Visa Rules”),
- The MasterCard Worldwide By-Laws and Operating Regulations and any other rules, policies, or requirements of MasterCard or any of its subsidiaries or affiliates (collectively “MasterCard Rules”),
- The American Express Card Acceptance Operating Rules,
- The Discover Network Operating Regulations,
- The Interlink Network and Maestro U.S.A. Network rules and regulations (collectively “National/International Networks”),
- The operating rules and regulations of various regional on-line debit card networks, Electronic Benefit Transfer (EBT) States, and EBT Processing Networks (collectively “Regional Networks”), and
- The rules and regulations issued by any other network for which Fiscal Service may determine to offer Card processing services. See the Fiscal Service website for information.
See, inter alia, 12 U.S.C. 90, 265, 266; 15 U.S.C. 1693o–2; 31 U.S.C. 321, 3301-3303, 3720.
Section 7020—Terms and Definitions
For terms and definitions related to this chapter, please view the TFM Glossary.
In order to accept Cards, a federal entity must establish a processing relationship with Fiscal Service by completing and submitting a Card Acquiring Service Application (CASA). Fiscal Service reviews the application and may approve or reject , based on factors such as the nature and amount of the collections for which the federal entity wishes to accept Cards. A federal entity may not engage in mail order, telephone order, delayed delivery, and/or eCommerce transactions unless approved by Fiscal Service. If a federal entity determines that a change in the collection process is needed, such as adding eCommerce or over-the-counter transactions, the federal entity must seek prior approval from Fiscal Service through the CASA process. Fiscal Service reserves the right to withhold Card processing services for a specific cashflow if Fiscal Service determines that it is not cost effective or in the public interest.
If a federal entity’s CASA is approved, the establishment of a card servicing account would ensue. To establish a card servicing account, the Financial Agent will assign an account series which consist of a Chain, Division, and Merchant Identification (MID) number to each new account. Locations and/or MID numbers can be added to an existing card servicing account which requires the completion, submission, and approval of a CASA. A federal entity must designate on its application an Authorizing Official, Chain, MID and Billing point of contact for each account. The roles and responsibilities of each card servicing point of contact type is defined below. The federal entity must inform the Fiscal Service Program Contact and Financial Agent of any changes to its organizations points of contact.
- Authorizing Official (AO) – The AO is the highest contact within the CAS hierarchy. The AO is a Supervisor or equivalent from the applying federal entity. During the CASA onboarding process, the AO sanctions the approval of any card servicing account and cannot be the submitter of the application. If the CASA applicant is a fully integrated contractor, the AO is still required to be a Supervisor or equivalent employed by the federal entity.
- Chain POC – The Chain POC is the first line contact within the CAS hierarchy. This contact will serve as the subject matter expert for the CAS program relationship. Due to the interactive partnership with the program, the Chain POC owns the role of lead liaison for any CAS program related projects, unless otherwise specified. The Chain POC should disseminate program related information and/or communications to federal entity representatives, as well as approve any modifications to the card servicing account.
- MID POC - The MID POC, also known as, the location level POC is the second line contact within the CAS hierarchy. This contact should be familiar with the day-to-day operations for the point-of-sale devices and/or software used under the card servicing chain. As a MID POC, a partnership should be formed with the Chain POC, if applicable, in order to adequately inform federal entity representation of any CAS program related information, updates or changes.
- Billing POC – The Billing POC is responsible for addressing any funding, operations or service-related questions pertaining to the card servicing account.
Rules for card servicing account modifications, if applicable, are as follows:
- If a federal entity requires processing for an additional collection activity, a new CASA must be submitted to Fiscal Service for approval.
- If a federal entity processes Cards and another of its locations would like to process obligations via Card, a new application must be submitted to Fiscal Service for approval.
- If a federal entity needs to change the Agency Location Code (ALC) to which deposits are reported, the federal entity must notify the Fiscal Service Program Contact.
See the Fiscal Service – Card Acquiring Service website for current forms and information.
All credits and debits to Federal entities are subject to review, audit, and correction by the Financial Agent, and any independent third party that has the authority to conduct such audits.
Section 7035— Card Servicing Contact Requirements
Section 7035.10 - Training of Key Personnel
Federal entities must review all Card collection processes and ensure that any staff and/or personnel assigned as the Chain (subject matter expert) and MID (location level) points of contact are properly trained to accommodate VISA, MasterCard, American Express, Discover, EBT, and debit cards, as appropriate. The Financial Agent offers training on its reporting tool, including such topics as reconciliation, reporting, and chargebacks. Federal entities must ensure that training is conducted in conjunction with the Financial Agent and that all appropriate personnel are set up with access to the Financial Agent’s reporting tool.
Federal entities may contact the Financial Agent to receive ad hoc assistance and training. Assistance and training may focus on how to reconcile Card activity daily, demonstrations on reporting capabilities, and how to operate or troubleshoot equipment, etc.
The Financial Agent may from time to time offer free training to federal entities as part of its usual customer services, including courses, presentations, and webinars provided by third-party contractors of the Financial Agent. By notifying federal entities of such training opportunities, Fiscal Service is not endorsing other products or services that the third party may offer.
Section 7035.20—Maintenance of Federal Entity Contacts
Each federal entity must promptly inform Fiscal Service of changes in personnel assigned as the Authorizing Official, Chain, MID or Billing points of contact to ensure continued communications between Fiscal Service and the federal entity. Each federal entity should submit personnel contact changes to the Fiscal Service Program Contact at CardAcquiringService@fiscal.treasury.gov and identify the individual that has been replaced or removed and the name and contact information for the new individual. In the subject line of the email, each federal entity should indicate “POC Addition” or “POC Change,” as applicable.
Section 7040—Honoring of Cards and Surcharges
7040.10—Honoring of Cards
Federal entities must honor all valid Cards within the appropriate categories of acceptance when properly presented as payment from cardholders. Federal entities must not:
- Try to dissuade a cardholder from using any Card,
- Criticize or mischaracterize any Card, services, or programs,
- Try to persuade or prompt cardholders to use any particular Card, or
- Engage in activities that harm the business or brand of Visa, MasterCard, American Express, or Discover or any applicable PIN Debit network.
A federal entity must not directly or indirectly require any cardholder to pay a surcharge or cash discounting in connection with a transaction unless required by law or specified by the Fiscal Service. Additionally, a federal entity cannot charge or add a fee to the transaction amount when accepting a Card for payment.
Section 7045—Service Marks
7045.10-Use of Service Marks
Federal entities must display Visa, MasterCard, American Express, Discover and Contactless promotional materials, in the same manner, at the points of interaction to indicate that all Cards are honored. The service marks should be placed near the entrance of the federal entity or posted on a website. No service or word marks for a specific Card type should be omitted when creating any promotional, printed, or broadcast material. All four card brands word marks on promotional, printed, or broadcast materials must be shown in the same manner, to indicate Cards are acceptable for payment.
Section 7050—Validation, Authorization and Settlement
Card Present Transactions – When the cardholder physically interacts with the payment machinery (e.g., terminal, kiosks, mobile devices) and the electronic data is captured at the time of the sale transaction, this is a card present transaction. Federal entities are not required to validate or enforce the validation of signatures or additional identification for card present sales transactions.
eCommerce/Card Not Present Transactions - When the cardholder is not physically present for the actual transaction, the federal entity must require the card validation code, the CVV2 for Visa Cards, the CVC2 for MasterCard Cards, and the CID for American Express and Discover Cards. These card security codes are security features for credit and debit card transactions, providing increased protection against Card fraud. The cardholder’s address and postal zip code shall be sent on all eCommerce and card not present transactions for validation by the card issuers. Federal entities should use the verification responses from the issuer of the Card in their decision to accept or decline a transaction.
Federal entities must obtain authorization for each sales transaction, for the total amount of the transaction. An authorization code indicates the availability of a cardholder’s credit or funds at the time the authorization is obtained.
If a sales transaction is not authorized, a federal entity must not complete the sale. A declined sales transaction is originated from the bank that issued the card.
A federal entity may not present to the Financial Agent, either directly or indirectly, any sales draft or credit draft that was not originated as a result of an act between the cardholder and the federal entity.
Authorization must be obtained through the terminal, unless there is a loss of terminal connectivity. Federal entities should first obtain the authorization electronically by allowing the terminal to read the card information from the Europay, MasterCard, Visa (EMV) chip or magnetic stripe. If the Card account number is not able to be read electronically from the EMV chip or magnetic stripe, the federal entity must manually key enter the card account number and expiration date into the terminal and must obtain an imprint of the Card. The cardholder must sign the draft with the imprint.
If a terminal loses connectivity so that authorization cannot be obtained either electronically or manually through the terminal, the federal entity must call the Financial Agent’s voice authorization telephone number and must obtain a valid authorization. The federal entity should document the authorization code along with the card number. When the terminal’s connectivity is restored, the federal entity must manually enter the transaction information directly into the terminal as a force post item.
The federal entity should retain an imprinted paper slip in accordance with the requirements in Section 7070—Retention and Storage of Card Data/Payment Card Industry Data Security Standard
The Financial Agent is authorized to credit and debit a federal entity for any sums due to and from the federal entity. A federal entity must deposit only transaction receipts that result from cardholder transactions with that federal entity.
Any federal entity that transmits completed batches to the Financial Agent must do so within one calendar day after completion of the Card transaction. This requirement does not apply:
- Until the goods are shipped or the services are performed, unless the cardholder agrees to a delayed delivery of the goods or services at the time of the transaction, or
- If the federal entity has requested and received authorization for delayed presentment, in which case the authorization number and the words “Delayed Presentment” must be legibly noted on the transaction receipt.
Section 7055—Card Compliance
Federal entities may not establish a minimum transaction amount as a condition for honoring a Card. This applies to credit and debit card transactions. Fiscal Service may allow or establish a minimum transaction amount in certain circumstances for security reasons or to meet a federal entity business or operating need.
Debit card collections have no individual transaction maximum. This is the contrary for credit card and intra-governmental collections. Federal entities must limit their credit card and intra-governmental card collections so that individual transactions are no more than $24,999.99.
Effective October 1, 2022, the threshold for intra-governmental card collections will decrease so that individual transactions are no more than $10,000.00.
If the federal entity’s cashflow and/or collection obligation includes individual transactions greater than the thresholds outlined within this Chapter, the federal entity should use another electronic collection alternative. Available electronic alternatives include debit cards, Automated Clearing House debits or credits, and Fedwire transactions.
Any individual credit card or intra-governmental card transaction greater than the outlined thresholds will be rejected. Individual transactions greater than the outlined threshold may not be split into two or more transactions over one or multiple days. Splitting a transaction violates Network Rules and this Chapter of the TFM. If a customer attempts multiple transactions on the same day, with the same Card [at the same Federal entity and/or Locations], those transactions causing the total charge to exceed the limits outlined within this Chapter will be rejected.
Federal entities must change any regulations, policies, or other procedural documents to reflect the policies set forth in this Section. Additionally, Federal entities must reinforce this policy in communications with customers which should reference collection alternatives to Card payments. Adherence to the section of this Chapter will result in non-compliance.
7055.30—Prohibition on Splitting Transactions
Federal entities accepting payment by Card from customers who owe an amount on a bill, debt, or other obligation due to the federal government should not structure an obligation with the purpose to evade the credit card transaction maximum of $24,999.99. Federal entities must prohibit the customer from splitting the total amount due into more than one payment transaction on one or more cards or on one or more days if the multiple transactions would cause the total charge to exceed the individual transaction maximum dollar amount. Splitting an amount owed into several payment transactions violates the Network rules and this Chapter of the TFM .
If the customer is a federal entity, the use of Card for payment should be avoided. The payment method of choice for federal entity-to-federal entity transactions should be an Intra-Governmental Payment and Collection (IPAC) or G-Invoicing. Refer to Section 7055.50 for additional information about IPAC and G-Invoicing.
Example of a SPLIT TRANSACTION – A customer was provided with an obligation from a federal entity for $48,000. The customer charges Card 1 for $24,999.99 and placed the remaining balance on Card 2 for $23,000.01. This is a split transaction as the customer used two credit cards to evade the transaction maximum amount of $24,999.99 on one specific obligation.
Example SOLUTION to split transactions - A customer was provided with an obligation from a federal entity for $48,000. The customer charges Card 1 for $24,999.99 and the remaining balance of $23,000.01 can be paid via cash, debit card or Automated Clearing House. If a federal entity, the customer should use IPAC.
7055.40—Multiple Sales Drafts and Partial Consideration
A federal entity must not use two or more sales drafts originated by the use of a single Card for the purpose of avoiding authorization for the whole amount. A federal entity must include all items of goods and/or services purchased in a single transaction in the total amount on a single sales draft, except in the following situations:
- For purchases in separate departments of a multiple-department store, and
- For partial payment transactions when the balance of the amount due is paid by the cardholder at the time of the transaction in cash, by check, with another Card, or any combination of these payment types.
7055.50—Intra-governmental Card Transactions
An intra-governmental (IGT) Card transaction is defined as a sale of goods or services, or collection of other obligation by one government federal entity from another government federal entity using a government-issued Card. Federal entity may accept Cards issued under the U.S. General Services Administration’s SmartPay contract for intra-governmental collections, if indicated on the federal entity application and approved in writing or via email by Fiscal Service.
Federal entities are encouraged to use an alternative to government-issued credit cards for IGT transactions, such as Intra-Governmental Payment and Collection (IPAC) and G-Invoicing.
- IPAC is a way for federal program agencies to transfer funds from one federal entity to another, using standardized descriptive data. For more details on IPAC, please follow this link: https://www.fiscal.treasury.gov/ipac/.
- G-Invoicing is the long-term solution for Federal Program Agencies (FPAs) to manage their intragovernmental (IGT) Buy/Sell transactions. G‑Invoicing helps (or will help) agencies and their trading partners:
- Negotiate and accept General Terms and Conditions (GT&C) agreements,
- Broker orders,
- Exchange performance information, and
- Validate settlement requests through IPAC.
For more information on G-invoicing please visit https://fiscal.treasury.gov/g-invoice/.
Federal entities are solely responsible for all fees associated with processing intra-governmental transactions, including interchange, processing fees and Network charges. Fiscal Service is not liable for any charges or cost incurred through a federal entity’s participation in an intra-governmental transaction. The Financial Agent directly invoices each federal entity for such fees and charges monthly. The federal entity pays the Financial Agent directly within 30 calendar days of the receipt of the invoice. In the event a federal entity fails to pay the Financial Agent on a timely basis, Fiscal Service, in its sole discretion, may pay the Financial Agent the amount owed by the federal entity and the federal entity authorizes Fiscal Service to obtain equivalent funds from the federal entity via the IPAC system to reimburse Fiscal Service. In such event, Fiscal Service provides the federal entity with information supporting the IPAC transfer. Fiscal Service reserves the right to require federal entities to use the Fiscal Service’s Internet Payment Platform, G-Invoicing or IPAC to process intra-governmental transactions rather than allow these transactions to be conducted with a government-issued Card.
Failure to pay the interchange, processing fees and Network charges associated with intra-governmental transactions may subject a federal entity to the CAS Program Non-Compliant Notice and Suspension of Service Process set forth in section 7075 of this Chapter.
7055.60—Federal Entity Compliance
The Financial Agent, either itself or through its merchant acquirer or processor, will reject any Card transactions that would cause the total charge to exceed the individual transaction maximum dollar amount. Federal entities are responsible for working with their customers that are splitting transactions to avoid violation of compliance with Fiscal Service maximum transaction dollar amount.
Fiscal Service and its Financial Agent will monitor federal entity compliance with the prohibition on splitting transactions. Fiscal Service and its Financial Agent may provide assistance to federal entities not in compliance or that request guidance.
Section 7060—Dispute Processing: Retrieval Requests and Chargeback Processing
Federal entities must respond to a retrieval request for a draft within 10 calendar days. If a federal entity does not submit a complete response within 30 calendar days of the network receipt of the draft retrieval, the draft retrieval can turn into an automatic chargeback, which the federal entity has no right to represent. This chargeback results in a loss of funds to the federal entity.
Federal entities are debited automatically for any chargebacks submitted by a network to the Financial Agent. A federal entity must respond to a chargeback within 15 calendar days. If a federal entity does not submit a complete and proper response to the chargeback within 45 calendar days, the chargeback is finalized, resulting in a loss of funds to the federal entity.
Federal entities shall resolve any claims or complaints arising from Card transactions directly with cardholders. If the authorized Card issuer notifies the Financial Agent that the issuer’s cardholder has been unable to resolve any such claims or complaints through proper federal entity channels, the Financial Agent and the federal entity work together to resolve the claim or complaint. If a claim cannot be resolved, the Financial Agent debits the federal entity for the amount of the claim and provides the federal entity a copy of the debit advice and supporting documentation.
The Financial Agent maintains an online system that allows for the automation of the chargeback process, and the Financial Agent communicates directly with the federal entity through this system to obtain all information necessary to resolve disputes.
When a chargeback is properly completed, the Financial Agent debits the federal entity for the proper amount of the chargeback.
For a chargeback received for a transaction made on a foreign-issued Card, the chargeback amount may or may not match the amount of the original transaction due to the exchange rate conversion.
Any network fees imposed on the federal entity as a result of noncompliance with retrieval request or chargeback requirements may be passed through to the federal entity separately as a fine or may be included in the chargeback or miscellaneous adjustment amounts for which the federal entity is debited.
Section 7065—Disclosure and Display of Cardholder Information
7065.10— Truncation Requirements
Federal law and Network Rules prohibit printing more than the last four digits of a card number on a cardholder’s receipt. Failure to adhere to this requirement may result in fines or penalties. Federal entities are also prohibited from printing the card expiration date on the receipt. Both prohibitions apply to all cardholder receipts.
7065.20—Disclosure to Third Parties
Federal entities must not disclose a cardholder’s account information or any other personal information to third parties other than to the federal entity’s agents for the sole purpose of assisting the federal entity in completing the transaction or as specifically required by law.
Suspicious requests for account information should be reported immediately. Contact the Fiscal Service Program Contact to report such request.
Section 7070—Retention and Storage of Card Data/Payment Card Industry Data Security Standard
7070.10—Retention and Storage of Card Data and Information
Federal entities are subject to a number of requirements, including the Payment Card Industry Data Security Standard and the data retention requirements set forth in the Network Rules, relating to the retention and storage of Card transaction data and cardholder information. Federal entities that fail to comply with the requirements of this section may be subject to network fines, and/or penalties, liabilities, or damages arising under federal law.
A federal entity must retain in its files at each federal entity terminal location or central location legible copies of each sales draft and credit draft for a period of at least 18 months for Visa, MasterCard, and Discover transactions and 24 months for American Express transactions. In addition, for any draft related to a contract for the delivery of services over an extended period of time, the federal entity must retain the draft for a period of 6 months following the date that the extended service period ends.
Federal entities must not store any Card numbers on a web server or otherwise maintain a database of Card numbers on a machine accessible from the internet or by unauthorized federal entity local area network users. Workstations where Card numbers are keyed or otherwise entered are to be secured from the internet via the appropriate firewall and networking configurations.
If a federal entity stores a customer’s card number for future use, a customer must opt in for this type of service. An option must be offered for a customer to log in to their account and remove this option at any time. It is recommended that when customers view their accounts online that Card numbers and expiration dates are truncated.
Federal entities may not retain the full content of any track on the back of a Card’s magnetic stripe, any EMV chip data, the CVV2/CVC2 or CID (the three or four digit code printed on the card), or the personal identification number (PIN) or encrypted PIN blocks subsequent to the authorization of a sales transaction or data transmitted via Near Field Communication (NFC). Federal entities must follow the Office of Management and Budget (OMB) Personally Identifiable Information (PII) guidelines located on the OMB website. Each federal entity should contact its legal counsel to identify the specific requirement for reporting to OMB.
Federal entities must immediately notify the Financial Agent, as well as the Fiscal Service Program Contact of any breaches of cardholder information.
7070.20—Payment Card Industry Data Security Standard (PCI DSS)
Federal entities must comply fully with the PCI DSS. The PCI DSS is an industry standard supported by all Card networks that applies to any entity processing, storing, or transmitting cardholder data. The PCI DSS contains security requirements to help protect against unauthorized intrusions and account data compromises.
The method of PCI DSS compliance validation required for each federal entity depends on the federal entity’s merchant level. There are four merchant levels established by the networks based on transaction volume calculated over a 12-month period. Fiscal Service and/or the Financial Agent notifies federal entities, via email, that meet the thresholds for Levels 1, 2, and 3, and provide specific guidance on validation requirements and associated time frames for compliance. Federal entities should consider themselves to be a Level 4, unless otherwise notified.
PCI DSS compliance is an ongoing process, not a one-time event. Federal entities must continuously assess their operations and fix any identified vulnerabilities, in addition to annual validation requirements. PCI DSS validation, compliance or security audits are not performed by Fiscal Service and where applicable, may result in expenses to your federal entity.
PCI DSS requirements are an addition to, and do not replace, federal entity requirements under the Federal Information Security Management Act of 2002 (FISMA) or any National Institute of Standards and Technology (NIST) guidelines. Questions about PCI DSS or the associated requirements should be directed to the federal entities Fiscal Service Program Contact.
Transaction volume per year:
More than 6 million transactions in one card brand
1 to 6 million transactions in one card brand
20,000 to 1 million Visa or MasterCard e-commerce transactions
Any merchant that has suffered a hack or an attack that resulted in an account data compromise
Any merchant that any card association determines to be a Level 1
Section 7075 – Rules of Non-Compliance
7075.10—Failure to Respond
Unless otherwise specified in this chapter, each federal entity must respond to any written or email inquiry or instruction from Fiscal Service or the Financial Agent relating to the federal entity’s use of Card acquiring services within a period of 30 calendar days from the date of receipt, or as specified in the inquiry. Fiscal Service may suspend or discontinue services provided to a federal entity under this chapter if the federal entity fails to respond timely to inquiries or instructions (see Section 7075.30: CAS Program Non-Compliance Notice and Suspension of Service Process).
7075.20—Fines and Penalties
A federal entity that fails to comply with any provision of the Network Rules may incur fines and penalties imposed by a network. The networks have developed several programs designed to mitigate fraud and curb chargebacks. Such programs include but are not limited to the monitoring of chargeback rates, improper Card acceptance, improper processing of declined transactions, and abnormal fraud or counterfeit sales activity. In the event that a federal entity fails to comply with any Network Rules, the federal entity is subject to operating procedures, modification requirements, fines, and/or termination of the federal entity’s right to accept Card transactions. Federal entities have full responsibility for any fines, fees, penalties, and/or operating procedures modifications levied by a network in accordance with merchant monitoring programs.
If a fine is imposed on a federal entity, the federal entity must remit the amount of the fine to the Financial Agent within 30 calendar days of notification of the fine. In the event that the federal entity fails to pay the Financial Agent on a timely basis, Fiscal Service, in its sole discretion, may pay the Financial Agent the amount owed by the federal entity and the federal entity authorizes Fiscal Service to obtain equivalent funds from the federal entity via the Intra-governmental Payment and Collection (IPAC) system to reimburse Fiscal Service. In such event, Fiscal Service provides the federal entity with information supporting the IPAC transfer.
7075.30—CAS Program Non-Compliance Notice and Suspension of Service Process
Federal entities using CAS must abide by all Network Rules and the policies specified in this chapter of the Treasury Financial Manual (collectively “CAS Program Rules”). Federal entities that fail to follow all applicable CAS Program Rules are subject to being placed on notice of non-compliance. The CAS Program Non-Complaint Notice Process includes the following steps:
- CAS may send an initial notice of non-compliance (the Initial Notice of Non-Compliance) to the federal entity deemed out of compliance with CAS Program Rules. CAS will make reasonable efforts to send such Initial Notice of Non-Compliance within 45 calendar days following the first date on which CAS identified the CAS Program Rule violation. The Initial Notice of Non-Compliance may identify, among other pieces of information, the specific rule violation, the cashflow(s) to which the violation applies, a brief explanation of why the federal entity is deemed to be non-compliant, and the time frame in which CAS expects the federal entity to become compliant. Federal entities must provide CAS with a written acknowledgement of receipt of an Initial Notice of Non-Compliance within 15 business days from the date of receipt of such Initial Notice.
- If a federal entity does not comply with the CAS Program Rule violations identified in the Initial Notice of Non-Compliance within 45 calendar days after receiving the Initial Notice of Non-Compliance, CAS may send a subsequent notice (the Follow-up Notice of Non-Compliance) to the non-compliant federal entity. The Follow-up Notice of Non-Compliance may identify the information set forth in the Initial Notice of Non-Compliance, and actions CAS may take if the non-compliant federal entity does not become compliant with CAS Program Rules within the time frame allotted. Federal entities must provide CAS with a written acknowledgement of receipt of a Follow-up Notice of Non-Compliance within 7 business days from the date of receipt of such Follow-up Notice.
- If a federal entity does not become compliant with CAS Program Rules within the time frame specified in the Follow-up Notice of Non-Compliance, CAS reserves the right to take any action specified in the Follow-up Notice of Non-Compliance, which may include suspending the provision of Card acquiring services to the non-compliant federal entity for those cashflows deemed non-compliant. If CAS, in its sole discretion, determines that suspension of Card acquiring services is appropriate given the circumstances, CAS may send the non-compliant federal entity a final notice of non-compliance (a Final Notice of Non-Compliance) which may identify the information set forth in the Follow-up Notice of Non-Compliance, the dates of prior communications with the federal entity regarding the Rule violation, and the date on which Fiscal Service will suspend Card acquiring services. If CAS decides to suspend Card acquiring services, such decision will be considered final and non-appealable. If a federal entity desires to reactivate a cashflow for which Fiscal Service has suspended Card acquiring services, the federal entity must submit a new CASA in accordance with Section 7030 of this Chapter.
Section 7080—Prohibition of Using Credit Cards for Debt Repayment Obligations
The Network Rules generally prohibit the use of credit cards as a means to pay debt obligations (this prohibition does not apply to the use of debit cards to pay debt obligations). Fiscal Service believes that this prohibition protects card-issuing banks from acquiring, through the credit card authorization process, debt obligations for which they are not the original underwriter. This protection is important to the issuing bank as it manages its own credit risk associated with its credit card product according to its own risk management principles and in compliance with regulatory guidelines.
Examples of debt obligations include but are not limited to: (1) loans (e.g., with a payment schedule and/or interest rate payment obligation); (2) obligations considered in arrears for lack of payment (whether held by the original party or acquired by a third party for the purpose of collection); or (3) late payment obligations triggered by the failure to pay an obligation timely (to include the amount of the obligation not paid timely).
A debt obligation does not include, among other obligations: (1) the purchase of a good or service (to include purchases in which full payment is expected within a period not exceeding 30 days and does not involve the payment of interest); or (2) an obligation established as a result of an “overpayment” which is due and payable in full within 30 days of notice to the payer.
These examples should not be considered all-inclusive of obligations that may be considered debt or non-debt. If a federal entity has a question around whether its collections constitute debt repayment for the purpose of credit card eligibility, please contact the Fiscal Service Program Contact.
Section 7085—Transaction Processing Procedures
7085.10—Processing Procedures for Signature Based Transactions
Before completing a Card transaction, a federal entity employee must determine, in good faith and to the best of his or her ability, that:
- The Card is valid on its face,
- The four digits printed below the account number are the same as the first four digits embossed on the card (for Visa and MasterCard Cards),
- If the Card bears a “valid from” date, that such date has passed, and
- If the Card bears a termination date, that such date has not expired.
The federal entity employee must examine one or more Card security features, if required by the Financial Agent or requested by the Card issuer, before accepting and processing a Card transaction.
7085.20—Processing Procedures for Mail Order, Telephone Order, Delayed Delivery, and eCommerce Transactions
Subject to the requirements set forth in Section 7050 – Validation, Authorization and Settlement, Federal entities may accept Cards over the internet (eCommerce), via telephone, or mail. An eCommerce transaction is defined as any transaction where cardholders initiated the sale by entering their card data over the internet. Card data and/or authorizations may not be accepted via email. A federal entity that accepts mail order, telephone order, delayed delivery, or eCommerce transactions assumes all risk associated with such transactions, including, but not limited to, fraudulent sales transactions.
The sales draft or transaction receipt must comply with the information outlined in Section 7100.
Federal entities must employ proper mechanisms to secure eCommerce based transactions, as described in NIST Special Publication 800-52 (revision 4). Any transaction where a secured session is not established with the cardholder’s web browser must not be completed.
If a federal entity accepts eCommerce transactions, the following information must be disclosed on the federal entity’s website:
- Complete description of goods, services, or collections,
- Returned merchandise and refund policy,
- Transaction currency,
- Customer service contact, including email address and/or telephone number,
- Export or legal restrictions (if applicable),
- Delivery policy,
- Disclosure of merchant outlet country on the same screen as the checkout screen or during the checkout process,
- Security method for the transmission of payment data.
7085.30—Processing Procedures for PIN-Based Transactions
Federal entities' Point-of-Sale (POS) terminal equipment, and related transaction equipment such as electronic cash registers operating through an integrated POS system or value-added reseller (VAR), must be fully compatible with the processing requirements of the Financial Agent, or its designated processor, and must be able to directly send, receive, and process information, on-line authorizations, and daily on-site reconciliation for the balancing of closeout procedures.
Federal entity POS terminal equipment must be situated to permit cardholders to input their PINs without revealing them to other persons, including federal entity personnel and surveillance equipment. The PIN must never be stored or displayed to any cardholder. The PIN must be immediately encrypted and must remain encrypted for transmission until received by the Financial Agent. Federal entity POS terminal equipment must comply with the Data Encryption Standards required by National/International and Regional Networks.
A federal entity is not permitted to complete any POS debit Card transaction via the federal entity POS terminal, that has not been authorized on-line by the Financial Agent and/or the National/International or Regional Network.
Section 7090—Returned Merchandise
A federal entity must not process a credit to a Card upon the return of merchandise unless the cardholder previously purchased the merchandise using the same Card. The refund or adjustment indicated on the credit draft must not exceed the original transaction amount. If any merchandise is accepted for return, or any services are terminated or canceled, or price adjustment is allowed by the federal entity, the federal entity must not make any cash refund to the cardholder and, instead, must process a credit draft to the cardholder’s account evidencing such refund or adjustment, unless required by law. Authorization is not required when a refund is given to a cardholder. In the event that the account is closed, the federal entity should still process the return to the original Card. In the event that the customer used a prepaid or “gift card” to make the original purchase and states that he or she no longer has the original Card in his or her possession, the federal entity may issue a cash refund to the cardholder.
A federal entity may limit its acceptance of returned merchandise provided that proper disclosure is made by the federal entity. Proper disclosure by the federal entity is determined to have been given at the time of the transaction if:
- The federal entity informs the cardholder orally of its return policy, and
- The federal entity’s return policy is clearly stated on the sales draft. The return policy on the sales draft should have the following words or similar wording legibly printed on all copies of the sales draft, in capital letters at least ¼ inch high and in close proximity to the space provided for the cardholder’s signature or invoice being presented to the cardholder for signature:
- “NO REFUND, ALL SALES FINAL”—For any federal entity that does not accept merchandise in return or exchange and does not issue refunds to cardholders.
- “EXCHANGE ONLY”—For any federal entity that only accepts merchandise in immediate exchange for similar merchandise of a price equal to the amount of the original transaction.
- “IN-STORE CREDIT ONLY”—For any federal entity that accepts merchandise in return and delivers to the cardholder an in-store credit equal to the value of the merchandise returned that may be used only in the federal entity’s place(s) of business.
Section 7095—Cash Payment/Cash Disbursement/Cash Deposit
A federal entity may not receive any payments from a cardholder with respect to charges for merchandise and/or services that are included on a previous sales draft resulting from the use of a Card.
Federal entities that accept PIN debit transactions may be required by certain networks to offer cashback services to cardholders. Except in connection with a PIN debit cashback transaction, an federal entity may not disburse cash to a cardholder and then process such activity as a Card sales transaction, nor may an federal entity process a money order or wire transfer transaction for a cardholder and then process such activity as a card sales transaction.
Federal entities may not accept cash, checks, or other negotiable instruments from any cardholder and forward a credit through a National/International or Regional Network, as a payment of deposit to an account maintained by the cardholder.
Section 7100—Delivery of Sales Drafts
A federal entity must deliver to the cardholder a true and completed copy of the sales draft evidencing a transaction involving use of a Card. This copy must be delivered at the time of the delivery of the goods and/or performance of the services, or, for transactions initiated at POS terminals, at the time of the transaction. The cardholder must not be required to sign a sales draft until the final transaction amount is known and indicated in the “total” column.
The sales draft must include all required information by the Card brands:
American Express: https://icm.aexp-static.com/content/dam/gms/en_us/optblue/us-mog.pdf
Federal entities accepting eCommerce Card transactions must produce a sales draft receipt.
All sales drafts must comply with the truncation requirements regarding Card numbers and expiration dates on receipts described in Section 7065 – Disclosure and Display of Cardholder Information.
A federal entity must not issue a credit when there is no corresponding charge. Federal entities must ensure that the same information required to be provided on a sales draft (see Section 7100) is entered legibly on each credit draft.
7100.20—Delivery of Non-electronic Sales Drafts and Credit Drafts (Short-Term Contingency Only)
A Card presented for payment must be inserted through a terminal. Federal entities should not deliver non-electronic sales drafts and credit drafts to the Financial Agent.
Guidelines for authorizing transactions manually when the terminal cannot read the Card electronically, and when terminal connectivity is down, are provided in Section 7085.
Section 7105—Equipment, Supplies, and Third-Party Software
Federal entities are responsible for purchasing point-of-sale terminals and related equipment and supplies. A federal entity may purchase terminals and supplies either directly from the Financial Agent or from another source of the federal entity’s choosing, provided that any terminal or device purchased by the federal entity meets the requirements of the Financial Agent and Fiscal Service. Federal entities may contact the Financial Agent’s help desk or Fiscal Service Program Contact to obtain information about supported products and pricing. Federal entities should check with the Financial Agent before purchasing equipment from a third party. The Federal entity assumes all risk associated with the use of equipment or supplies that are not provided by the Financial Agent.
If a federal entity elects to purchase terminals or supplies from the Financial Agent, the Financial Agent generally provides the requested equipment and related supplies with same-day shipping for all equipment orders that are received by 3 p.m. ET and all supply orders that are received by 12 p.m. ET.
Each federal entity is directly responsible for the acquisition and cost of the POS terminals and related supplies and makes the payment directly and timely to the Financial Agent or third-party provider, as applicable. All costs for equipment ordered from the Financial Agent are quoted and must be approved by the federal entity before ordering.
If a federal entity elects to purchase terminals or supplies from the Financial Agent and payment is not made at the time of purchase with a credit card, the Financial Agent directly invoices the federal entity for such costs at the end of the month. Invoicing is done at the established account level for the federal entity with the Financial Agent, not at a location or merchant ID level. Federal entities are responsible for providing billing contact information on their application and updating such information as necessary. A federal entity must pay the Financial Agent directly for any invoiced amounts within 30 calendar days of the receipt of an invoice.
A federal entity must seek a replacement terminal within three calendar days of its inability to process transactions and deposits. If the federal entity elects to seek a replacement for a broken terminal purchased from the Financial Agent, the Financial Agent may advise on a suitable replacement terminal. If a lower cost replacement terminal is provided, the federal entity must return the broken equipment to the Financial Agent within 30 calendar days and according to the instructions provided. Failure to return the equipment or failure to follow the correct instructions provided may result in the federal entity being charged for the full retail price of the equipment. All costs for equipment are quoted and must be approved by the federal entity before ordering.
Federal entities also are responsible for any and all costs associated with the use of third-party software or applications for Card processing. A federal entity may purchase and use software or applications from a third- party source of the federal entity’s choosing, if it meets the requirements of the Financial Agent and Fiscal Service. Federal entities may contact the Financial Agent or Fiscal Service Program Contact to obtain information about supported products or applications. Federal entities are encouraged to evaluate using Pay.gov instead of third-party software or applications.
Federal entities choosing to use third-party products or applications are responsible for costs associated with switching products or applications as directed by Fiscal Service in order to meet Fiscal Service’s or the Financial Agent’s processing requirements.
Fiscal Service may from time-to-time review the additional costs associated with processing of Card transactions and, at its discretion, decide to charge the federal entity through its Financial Agent. Fiscal Service will provide advance notification to federal entities of any such changes. Such costs include, but are not limited to, communication fees and costs of federal entity-requested reporting or special connections.
In the event the federal entity fails to pay an amount owed under this section to the Financial Agent on a timely basis, Fiscal Service, in its sole discretion, may pay the Financial Agent the amount owed by the federal entity and the federal entity authorizes Fiscal Service to obtain equivalent funds from the federal entity via the IPAC system to reimburse Fiscal Service. In such event, Fiscal Service provides the federal entity with information supporting the IPAC transfer.
Direct questions regarding this chapter to:
U.S. Department of the Treasury
Bureau of the Fiscal Service
Settlement Services Division
3201 Pennsy Drive, Building E
Landover, MD 20785
Financial Agent Contact/Help Desk assistance, call 866-914-0558
Summary of Updates in this Release
|Summary of Change|
|All||Extensive changes made throughout chapter.|
|Several||Added verbiage to comply with TFM chapter template.|