Treasury Financial Logo

Chapter 7000


pdf-icon PDF Version
(Click here to download Adobe Acrobat Reader)

This Treasury Financial Manual (TFM) chapter consolidates existing guidance and provides the requirements that federal agencies must follow when collecting obligations via credit or debit card.

For terms and definitions related to this chapter, please view the TFM Glossary

Section 7010—Scope, Applicability, and Network Rules

This chapter applies to federal agencies that are collecting or intend to collect obligations via credit or debit card (Card). Card acquiring services are provided by a financial institution that the Bureau of the Fiscal Service (Fiscal Service) designates as its Financial Agent. The Financial Agent credits and debits participating agencies for all Card transactions initiated by agencies for the collection of obligations. The Financial Agent may use the services of a merchant acquirer or processor to perform Card authorization, transaction processing or other services on behalf of the Financial Agent.

In addition to the requirements of this chapter, an agency also must comply with and be bound by the rules and regulations governing all debit and credit card transactions accepted by the agency (collectively, the Network Rules), any of which may be altered or amended periodically and without notice. Network Rules may include:

  • The Visa U.S.A. Inc. By-Laws and Operating Regulations; the Visa International Operating Regulations; and any other rules, policies, or requirements of Visa or any of its subsidiaries or affiliates (collectively “Visa Rules”);
  • The MasterCard Worldwide By-Laws and Operating Regulations and any other rules, policies, or requirements of MasterCard or any of its subsidiaries or affiliates (collectively “MasterCard Rules”);
  • The American Express Card Acceptance Operating Rules;
  • The Discover Network Operating Regulations;
  • The Interlink Network and Maestro U.S.A. Network rules and regulations (collectively “National/International Networks”);
  • The operating rules and regulations of various regional on-line debit card networks, Electronic Benefit Transfer (EBT) States, and EBT Processing Networks (collectively “Regional Networks”); and
  • The rules and regulations issued by any other network for which Fiscal Service may determine to offer Card processing services.

Agencies must follow and be bound by the Network Rules, as amended from time to time, except to the extent that the Network Rules conflict with federal law and/or the terms of this chapter. In the event of such a conflict, federal law and/or the terms of this chapter take precedence over the Network Rules. In the event that the Network Rules simply provide more specificity or clarity regarding a provision of this chapter, the Network Rules are not to be deemed to be in conflict with this chapter.

Section 7015—Authority

See, inter alia, 12 U.S.C. 90, 265, 266; 15 U.S.C. 1693o–2; 31 U.S.C. 321, 3301-3303, 3720.

Section 7020—Application

In order to accept Cards, an agency must establish a processing relationship with Fiscal Service by completing and submitting an application. Fiscal Service reviews the application to determine whether or not to approve it, based on factors such as the nature and amount of the collections for which the agency wishes to accept Cards. Fiscal Service reserves the right to withhold Card processing services for a specific cashflow if Fiscal Service determines that it is not cost effective or in the public interest.

An agency may not engage in mail order, telephone order, delayed delivery, and/or eCommerce transactions unless indicated on the agency application and subsequently approved by Fiscal Service. If an agency determines that a change in the collection process is needed, such as adding eCommerce transactions or over the counter transactions, the agency must seek prior approval from Fiscal Service through the application process.

The Financial Agent assigns an account number to each new account that an agency establishes. An agency must designate on its application a point of contact for each account. This point of contact is responsible for ensuring that proper reconciliation of Card activity occurs at the organization. This point of contact also must ensure that all correspondence from the Financial Agent and Fiscal Service is properly disseminated and/or that suitable action is taken within appropriate time frames. The Financial Agent should be notified promptly of any changes in the agency point of contact.

If an agency requires processing for an additional collection activity or at another of the agency’s locations, an application must be submitted to Fiscal Service for approval. Multiple locations may be requested simultaneously using a worksheet supplied by Fiscal Service. If an agency needs to change the Agency Location Code (ALC) to which deposits are reported, the agency must notify Fiscal Service Program Contact.

See the Fiscal Service website for current forms and information.

Section 7025—Honoring of Cards and Surcharges

7025.10—Honoring of Cards

Agencies must honor all valid Cards within the appropriate categories of acceptance when properly presented as payment from cardholders. Agencies must not:

  • Try to dissuade a cardholder from using any Card;
  • Criticize or mischaracterize any Card, services, or programs;
  • Try to persuade or prompt cardholders to use any particular Card; or
  • Engage in activities that harm the business or brand of Visa, MasterCard, American Express, or Discover.


An agency must not directly or indirectly require any cardholder to pay a surcharge in connection with a transaction. Additionally, an agency cannot charge or add a fee to the transaction amount when accepting a Card for payment.

Section 7030—Use of Service Marks

Agencies must display the Visa, MasterCard, American Express, and Discover promotional materials, in the same manner, at the points of interaction to indicate that all Cards are honored. The service marks should be placed near the entrance of the agency or posted on a website. No service mark for a specific Card type should be omitted from the display requirements.

Agencies may use the Visa, MasterCard, American Express, and Discover word marks on promotional, printed, or broadcast materials, in the same manner, to indicate Cards are acceptable for payment. No word mark for a specific Card type should be omitted when creating any promotional, printed, or broadcast material.

Section 7035—Validation and Authorization


Agencies must validate all Card present transactions by ensuring the signature on the back of the Card matches the signature on the transaction receipt. In the absence of a signature, agencies should validate the cardholder with proper identification and should require the cardholder to sign the back of the Card in their presence.

When the cardholder is not physically present for the actual transaction, the agency may, at its option, require the card validation code, the CVV2 for Visa Cards, the CVC2 for MasterCard Cards, and the CID for American Express and Discover Cards. These card security codes are security features for credit and debit card transactions, providing increased protection against Card fraud. Agencies should use the verification responses from the issuer of the card in their decision to accept or decline a transaction.

Refer to Section 7090 for more information on Card validation procedures.


Agencies must obtain authorization for each sales transaction for the total amount of the transaction. An authorization code indicates the availability of a cardholder’s credit or funds at the time the authorization is obtained.

If a sales transaction is not authorized, an agency must not complete the sale. A declined sales transaction is originated from the bank that issued the card.

Authorization must be obtained electronically, except if there is a loss of terminal connectivity. If the Card account number is not able to be read electronically from the magnetic stripe, the agency must manually key enter the Card account number and expiration date into the terminal and must obtain an imprint of the card. The cardholder must sign the draft with the imprint.

If a terminal loses connectivity so that authorization cannot be obtained either electronically or manually through the terminal, the agency must call the Financial Agent’s voice authorization telephone number and must obtain a valid authorization. The agency should write the authorization code on the manual imprinter slip, and then the Card must be imprinted and signed by the customer. When the terminal’s connectivity is restored, the agency must manually enter the transaction information directly into the terminal as a force post item.

The agency should retain an imprinted paper slip in accordance with the requirements in Section 7065.

An agency may not present to the Financial Agent, either directly or indirectly, any sales draft or credit draft that was not originated as a result of an act between the cardholder and the agency.

Section 7040—Settlement

The Financial Agent is authorized to credit and debit an agency for any sums due to and from the agency. An agency must deposit only transaction receipts that result from cardholder transactions with that agency.

Any agency that transmits completed batches to the Financial Agent must do so within one calendar day after completion of the Card transaction. This requirement does not apply:

  • Until the goods are shipped or the services are performed, unless the cardholder agrees to a delayed delivery of the goods or services at the time of the transaction; or
  • If the agency has requested and received authorization for delayed presentment, in which case the authorization number and the words “Delayed Presentment” must be legibly noted on the transaction receipt.

Section 7045—Limitations on Card Collection Transactions

7045.10—Transaction Maximums

Effective June 1, 2015, agencies must limit their credit card collections so that individual transactions are no more than $24,999.99. If the agency’s cashflow includes individual credit card transactions greater than $24,999.99, then the agency should use another electronic collection alternative for those transactions. Available electronic alternatives include Automated Clearing House debits or credits and Fedwire transactions.

Any individual credit card transaction greater than $24,999.99 will be rejected. Individual transactions greater than $24,999.99 may not be split into two or more transactions over one or multiple days. Splitting a transaction violates card network and Fiscal Service rules. For a customer that attempts multiple transactions on the same day with the same credit card, those transactions causing the total charge to exceed the limit of $24,999.99 will be rejected.

Agencies must change any regulations, policies, or other procedural documents to reflect the policies set forth in this Section. Additionally, agencies should reinforce this policy in communications with customers which should reference collection alternatives to Card payments.

Fiscal Service will revisit this policy periodically to review the maximum transaction dollar value limit as well as its application on a cashflow, program, agency, or other basis. Fiscal Service will be evaluating various applications of this policy with selected agencies in order to guide any future changes to this policy.

7045.20—Prohibition on Splitting Transactions

Federal agencies accepting payment by Card from customers who owe an amount on a bill, debt, or other obligation due to the federal government must prohibit the customer from splitting the total amount due into more than one payment transaction on one or more cards or on one or more days if the multiple transactions would cause the total charge to exceed the individual transaction maximum dollar amount. Splitting an amount owed into several payment transactions violates the Card network and Fiscal Service rules.

7045.30—Agency Compliance

The Financial Agent, either itself or through its merchant acquirer or processor, will reject any Card transactions that would cause the total charge to exceed the individual transaction maximum dollar amount. Agencies are responsible for working with their customers that are splitting transactions to avoid violation of compliance with Fiscal Service maximum transaction dollar amount.

Fiscal Service and its Financial Agent will monitor agency compliance with the prohibition on splitting transactions. Fiscal Service and its Financial Agent may provide assistance to agencies not in compliance or that request guidance.

Agencies should contact Fiscal Service’s Card Acquiring Service (CAS) at CardAcquringService@fiscal.treasury.gov if assistance is needed to comply with this Section 7045.

7045.40—Transaction Minimums

Agencies may not establish a minimum transaction amount as a condition for honoring a Card. This applies to credit and debit card transactions. Fiscal Service may allow or establish a minimum transaction amount in certain circumstances for security reasons or to meet an agency business or operating need.

Section 7050—Dispute Processing: Retrieval Requests and Chargeback Processing

7050.10—Retrieval Requests

Agencies should respond to a retrieval request for a draft within 10 calendar days if possible. If an agency does not submit a complete response within 30 calendar days of the network receipt of the draft retrieval, the draft retrieval can turn into an automatic chargeback, which the agency has no right to represent. This chargeback results in a loss of funds to the agency.

7050.20—Chargeback Processing

Agencies are debited automatically for any chargebacks submitted by a network to the Financial Agent. An agency should respond to a chargeback within 15 calendar days if possible. If an agency does not submit a complete and proper response to the chargeback within 45 calendar days, the chargeback is finalized, resulting in a loss of funds to the agency.

Agencies agree to resolve any claims or complaints arising from Card transactions directly with cardholders. If the authorized Card issuer notifies the Financial Agent that the issuer’s cardholder has been unable to resolve any such claims or complaints through proper agency channels, the Financial Agent and the agency work together to resolve the claim or complaint. If a claim cannot be resolved, the Financial Agent debits the agency for the amount of the claim and provides the agency a copy of the debit advice and supporting documentation.

The Financial Agent maintains an online system that allows for the automation of the chargeback process, and the Financial Agent communicates directly with the agency through this system to obtain all information necessary to resolve disputes.

When a chargeback is properly made, the Financial Agent debits the agency for the proper amount of the chargeback.

For a chargeback received for a transaction made on a foreign-issued Card, the chargeback amount may or may not match the amount of the original transaction due to the exchange rate conversion.

Any network fees imposed on the agency as a result of noncompliance with retrieval request or chargeback requirements may be passed through to the agency separately as a fine, or may be included in the chargeback or miscellaneous adjustment amounts for which the agency is debited.

Section 7055—Audits

All credits and debits to agencies are subject to review, audit, and correction by the Financial Agent, and any independent third party that has the authority to conduct such audits.

Section 7060—Disclosure and Display of Cardholder Information

7060.10—Disclosure to Third Parties

Agencies must not disclose a cardholder’s account information or any other personal information to third parties other than to the agency’s agents for the sole purpose of assisting the agency in completing the transaction or as specifically required by law. Suspicious requests for account information should be reported immediately to the agency’s point of contact at Fiscal Service.

7060.20—Receipt Truncation Requirements

Federal law prohibits printing more than the last four digits of a card number on a cardholder’s receipt. Failure to adhere to this law may result in statutory fines or penalties. Agencies are also prohibited from printing the card expiration date on the receipt. Both of these prohibitions apply to any cardholder receipt. In other words, the cardholder’s receipt should not contain the expiration date nor should it contain more than the last four digits of the Card number. Digits should be truncated using appropriate hash marks such as “x” or “*,” not by zeros. In addition, agencies should establish a plan to truncate this data on merchant copies of receipts as well. The truncation of merchant receipts is required by some states, and is an industry best practice. Agencies may be subject to network fines and/or statutory penalties for failure to comply with truncation requirements.

Section 7065—Retention and Storage of Card Data/Payment Card Industry Data Security Standard

7065.10—Retention and Storage of Card Data and Information

Agencies are subject to a number of requirements, including the Payment Card Industry Data Security Standard and the data retention requirements set forth in the Network Rules, relating to the retention and storage of Card transaction data and cardholder information. Agencies that fail to comply with the requirements of this section may be subject to network fines, and/or penalties, liabilities, or damages arising under federal law.

An agency must retain in its files at each agency terminal location or central location legible copies of each sales draft and credit draft for a period of at least 18 months for Visa, MasterCard, and Discover transactions and 24 months for American Express transactions. In addition, for any draft related to a contract for the delivery of services over an extended period of time, the agency must retain the draft for a period of 6 months following the date that the extended service period ends.

Agencies must not store any Card numbers on a web server or otherwise maintain a database of Card numbers on a machine accessible from the internet or by unauthorized agency local area network users. Workstations where Card numbers are keyed or otherwise entered are to be secured from the internet via the appropriate firewall and networking configurations.

If an agency stores a customer’s card number for future use, a customer must opt in for this type of service. An option must be offered for a customer to log in to their account and remove this option at any time. It is recommended that when customers view their accounts online that Card numbers and expiration dates are truncated.

Agencies may not retain the full content of any track on the back of a Card’s magnetic stripe, the CVV2/CVC2 or CID (the three or four digit code printed on the card), or the personal identification number (PIN) or encrypted PIN blocks subsequent to the authorization of a sales transaction. Agencies must follow the Office of Management and Budget (OMB) Personally Identifiable Information (PII) guidelines located on the OMB website. Each agency should contact its legal counsel to identify the specific requirement for reporting to OMB.

Agencies must immediately notify the Financial Agent as well as Fiscal Service Program Contact of any breaches of cardholder information.

7065.20—Payment Card Industry Data Security Standard (PCI DSS)

Agencies must comply fully with the PCI DSS. The PCI DSS is an industry standard supported by all Card networks that applies to any entity processing, storing, or transmitting cardholder data. The PCI DSS contains security requirements to help protect against unauthorized intrusions and account data compromises.

The method of PCI DSS compliance validation that is required for each agency depends on the agency’s merchant level. There are four merchant levels established by the networks based on transaction volume calculated over a 12-month period. Fiscal Service and the Financial Agent notify agencies that meet the thresholds for Levels 1, 2, and 3, and provide specific guidance on validation requirements and associated time frames for compliance. Agencies should consider themselves to be a Level 4, unless otherwise notified. Agencies should contact their Fiscal Service Program Contact or the Financial Agent with questions about the PCI DSS or the associated requirements.

PCI DSS compliance is an ongoing process, not a one-time event. Agencies need to continuously assess their operations and fix any identified vulnerabilities, in addition to annual validation requirements.

PCI DSS is in addition to agency requirements under the Federal Information Security Management Act of 2002 (FISMA) or any National Institute of Standards and Technology (NIST) guidelines. The PCI DSS standard is specific to Card processing and is an industry standard that applies to all agencies collecting obligations via Cards.

Section 7070—Training of Key Personnel

Agencies must review all Card collection processes and ensure that personnel assigned as business line (Chain) and location level (Merchant Identification Number) points of contact are properly trained to accommodate VISA, MasterCard, American Express, Discover, EBT, and debit cards, as appropriate. The Financial Agent offers training on its reporting tool, including such topics as reconciliation, reporting, and chargebacks. Agencies must ensure that training is conducted in conjunction with the Financial Agent and that all appropriate personnel are set up with access to the Financial Agent’s reporting tool.

Agencies may contact the Financial Agent to receive ad hoc assistance and training. Assistance and training may focus on how to reconcile Card activity daily, demonstrations on reporting capabilities, and how to operate or troubleshoot equipment, etc.

The Financial Agent may from time to time offer free training to agencies as part of its usual customer services, including courses, presentations, and webinars provided by third-party contractors of the Financial Agent. By notifying agencies of such training opportunities, Fiscal Service is not endorsing other products or services that the third party may offer.

Section 7070.10—Maintenance of Agency Contacts

Each agency should promptly inform Fiscal Service of changes in personnel assigned as Chain or Merchant Identification Number points of contact to ensure continued communications between Fiscal Service and the agency. Each agency should submit personnel contact changes to CardAcquiringService@fiscal.treasury.gov and identify the individual that has been replaced (if applicable) and the name and contact information for the new individual. In the subject line of the email, each agency should indicate “POC Addition” or “POC Change,” as applicable.

Section 7075—Disability Compliance

Agencies must comply with Section 508 of the Rehabilitation Act of 1973. Under Section 508 (29 U.S.C. 794d), agencies must give disabled employees and members of the public access to information that is comparable to the access available to others.

Section 508 covers the physical device or product used to gain authorizations, including internet, software gateways, terminal locations, and all equipment associated with providing the convenience of Card payment processing.

Section 7080—Failure to Respond

Unless otherwise specified in this chapter, each agency must respond to any written or email inquiry or instruction from Fiscal Service or the Financial Agent relating to the agency’s use of Card acquiring services within a period of 30 calendar days from the date of receipt, or as specified in the inquiry. Fiscal Service may suspend or discontinue services provided to an agency under this chapter if the agency fails to respond timely to inquiries or instructions (see Section 7090 below).

Section 7085—Fines and Penalties

An agency that fails to comply with any provision of the Network Rules may incur fines and penalties imposed by a network. The networks have developed several programs designed to mitigate fraud and curb chargebacks. Such programs include but are not limited to the monitoring of chargeback rates, improper Card acceptance, improper processing of declined transactions, and abnormal fraud or counterfeit sales activity. In the event that an agency fails to comply with any Network Rules, the agency is subject to operating procedures, modification requirements, fines, and/or termination of the agency’s right to accept Card transactions. Agencies have full responsibility for any fines, fees, penalties, and/or operating procedures modifications levied by a network in accordance with merchant monitoring programs.

If a fine is imposed on an agency, the agency remits the amount of the fine to the Financial Agent within 30 calendar days of notification of the fine. In the event that the agency fails to pay the Financial Agent on a timely basis, Fiscal Service, in its sole discretion, may pay the Financial Agent the amount owed by the agency and the agency authorizes Fiscal Service to obtain equivalent funds from the agency via the Intra-governmental Payment and Collection (IPAC) system to reimburse Fiscal Service. In such event, Fiscal Service provides the agency with information supporting the IPAC transfer.

Section 7090—CAS Program Non-Compliant Notice and Suspension of Service Process

Customer agencies using CAS must abide by all Network Rules and the policies specified in this chapter of the Treasury Financial Manual (collectively “CAS Program Rules”). Agencies that fail to follow all applicable CAS Program Rules are subject to being placed on notice of non-compliance. The CAS Program Non-Compliant Notice Process includes the following steps:

  1. CAS may send an initial notice of non-compliance (the Initial Notice of Non-Compliance) to the agency deemed out of compliance with CAS Program Rules. CAS will make reasonable efforts to send such Initial Notice of Non-Compliance within 45 calendar days following the first date on which CAS identified the CAS Program Rule violation. The Initial Notice of Non-Compliance may identify, among other pieces of information, the specific rule violation, the cashflow(s) to which the violation applies, a brief explanation of why the agency is deemed to be non-compliant, and the time frame in which CAS expects the agency to become compliant. Agencies must provide CAS with a written acknowledgement of receipt of an Initial Notice of Non-Compliance within 15 business days from the date of receipt of such Initial Notice.
  2. If an agency does not comply with the CAS Program Rule violations identified in the Initial Notice of Non-Compliance within 45 calendar days after receiving the Initial Notice of Non-Compliance, CAS may send a subsequent notice (the Follow-up Notice of Non-Compliance) to the non-compliant agency. The Follow-up Notice of Non-Compliance may identify the information set forth in the Initial Notice of Non-Compliance, and actions CAS may take if the non-compliant agency does not become compliant with CAS Program Rules within the time frame allotted. Agencies must provide CAS with a written acknowledgement of receipt of a Follow-up Notice of Non-Compliance within 7 business days from the date of receipt of such Follow-up Notice.
  3. If an agency does not become compliant with CAS Program Rules within the time frame specified in the Follow-up Notice of Non-Compliance, CAS reserves the right to take any action specified in the Follow-up Notice of Non-Compliance, which may include suspending the provision of Card acquiring services to the non-compliant agency for those cashflows deemed non-compliant. If CAS determines that suspension of Card acquiring services is appropriate given the circumstances, CAS may send the non-compliant agency a final notice of non-compliance (a Final Notice of Non-Compliance) which may identify the information set forth in the Follow-up Notice of Non-Compliance, the dates of prior communications with the agency regarding the Rule violation, and the date on which Fiscal Service will suspend Card acquiring services. If CAS decides to suspend Card acquiring services, such decision will be considered final and non-appealable. If an agency desires to reactivate a cashflow for which Fiscal Service has suspended Card acquiring services, the agency must submit a new CAS Application in accordance with Section 7020 of this chapter.

Section 7095— Interchange and Network Fee Definition

Interchange fees are fees paid to issuing banks for the acceptance of Card transactions. Network fees are fees paid to the network brands (e.g. Visa, Mastercard, Discover, American Express) for the routing of Card transactions through Card networks (e.g. Cirrus, PLUS, Money Pass, etc.)

Section 7100—Prohibition of Using Credit Cards For Debt Repayment Obligations

Card Network Rules generally prohibit the use of credit cards as a means to pay debt obligations (this prohibition does not apply to the use of debit cards to pay debt obligations). Fiscal Service believes that this prohibition protects card-issuing banks from acquiring, through the credit card authorization process, debt obligations for which they are not the original underwriter. This protection is important to the issuing bank as it manages its own credit risk associated with its credit card product according to its own risk management principles and in compliance with regulatory guidelines.

Examples of debt obligations include, but are not limited to: (1) loans (e.g., with a payment schedule and/or interest rate payment obligation); (2) obligations considered in arrears for lack of payment (whether held by the original party or acquired by a third party for the purpose of collection); or (3) late payment obligations triggered by the failure to pay an obligation timely (to include the amount of the obligation not paid timely).

A debt obligation does not include, among other obligations: (1) the purchase of a good or service (to include purchases in which full payment is expected within a period not exceeding 30 days and does not involve the payment of interest); or (2) an obligation established as a result of an “overpayment” which is due and payable in full within 30 days of notice to the payer.

These examples should not be considered all-inclusive of obligations that may be considered debt or non-debt, but represent Fiscal Service’s best assessment. If an agency has a question around whether its collections constitute debt repayment for the purpose of credit card eligibility, please contact CAS at: CardAcquiringService@fiscal.treasury.gov

Section 7105—Processing Procedures for Signature Based Transactions

Before completing a Card transaction, an agency employee must determine, in good faith and to the best of his or her ability, that:

  • The Card is valid on its face;
  • The four digits printed below the account number are the same as the first four digits embossed on the card (for Visa and MasterCard Cards);
  • If the Card bears a “valid from” date, that such date has passed;
  • If the Card bears a termination date, that such date has not expired;
  • The Card bears the signature of the cardholder; and
  • The cardholder’s signature has not been visibly altered.

The agency employee must examine one or more Card security features, if required by the Financial Agent or requested by the Card issuer, before accepting and processing a Card transaction.

The transaction receipt is to be signed in the agency employee’s presence, and the agency employee compares the signature on the transaction form to the signature on the Card to ascertain that they appear to be the same.

Note: The signature may, but need not be, the name embossed or printed on such Card. For American Express Cards, the agency must ensure that the Card is signed in the same name as the name on its face (except for prepaid cards that show no name on their face). If such identification is uncertain or if the agency employee questions the validity of the Card, the agency must call the Financial Agent’s authorization telephone number for instructions.

Section 7110—Processing Procedures for Mail Order, Telephone Order, Delayed Delivery, and eCommerce Transactions

Subject to the requirements set forth in Section 7020, agencies may accept Cards over the internet (eCommerce), via telephone, or mail. An eCommerce transaction is defined as any transaction where cardholders initiated the sale by entering their card data over the internet. Card data and/or authorizations may not be accepted via email. An agency that accepts mail order, telephone order, delayed delivery, or eCommerce transactions assumes all risk associated with such transactions, including, but not limited to, fraudulent sales transactions.

If a “signature” line is present on an eCommerce, mail order, or telephone order receipt, the type of transaction must be marked legibly on the “signature” line as follows:

  • “TO” for telephone order transactions;
  • “MO” for mail order transactions; or
  • “eCommerce” for electronic commerce transactions.

If an agency uses a terminal to process a sale over the phone, the signature line of the transaction receipt should be marked “TO” as indicated above.

The sales draft or transaction receipt must include the information listed in Section 70135.

Agencies must employ proper mechanisms to secure eCommerce based transactions, as described in NIST Special Publication 800-52. Any transaction where a secured session is not established with the cardholder’s web browser must not be completed.

If an agency accepts eCommerce transactions, the following information must be disclosed on the agency’s website:

  • Complete description of goods, services, or collections;
  • Returned merchandise and refund policy;
  • Transaction currency;
  • Customer service contact, including email address and/or telephone number;
  • Export or legal restrictions (if applicable);
  • Delivery policy;
  • Disclosure of merchant outlet country on the same screen as the checkout screen or during the checkout process;
  • Consumer data privacy policy; and
  • Security method for the transmission of payment data.

Section 7115—Processing Procedures for PIN-Based Transactions

Agencies' Agency Point-of-Sale (POS) terminal equipment, and related transaction equipment such as electronic cash registers operating through an integrated POS system or value-added reseller (VAR), must be fully compatible with the processing requirements of the Financial Agent, or its designated processor, and must be able to directly send, receive, and process information, on-line authorizations, and daily on-site reconciliation for the balancing of closeout procedures.

Agency POS terminal equipment must be situated to permit cardholders to input their PINs without revealing them to other persons, including agency personnel and surveillance equipment. The PIN must never be stored or displayed to any cardholder. The PIN must be immediately encrypted and must remain encrypted for transmission until received by the Financial Agent. Agency POS terminal equipment must comply with the Data Encryption Standards required by National/International and Regional Networks.

An agency is not permitted to complete any POS debit Card transaction, via the agency POS terminal, that has not been authorized on-line by the Financial Agent and/or the National/International or Regional Network.

Section 7120—Returned Merchandise

An agency must not process a credit upon the return of merchandise unless the cardholder previously purchased the merchandise using the same Card. The refund or adjustment indicated on the credit draft must not exceed the original transaction amount. If any merchandise is accepted for return, or any services are terminated or canceled, or price adjustment is allowed by the agency, the agency must not make any cash refund to the cardholder and, instead, must process a credit draft to the cardholder’s account evidencing such refund or adjustment, unless required by law. Authorization is not required when a refund is given to a cardholder. In the event that the account is closed, the agency should still process the return to the original Card. In the event that the customer used a prepaid or “gift card” to make the original purchase and states that he or she no longer has the original Card in his or her possession, the agency may issue a cash refund to the cardholder.

An agency may limit its acceptance of returned merchandise provided that proper disclosure is made by the agency. Proper disclosure by the agency is determined to have been given at the time of the transaction if:

  • The agency informs the cardholder orally of its return policy; and
  • The agency’s return policy is clearly stated on the sales draft that is signed by the cardholder. The return policy on the sales draft should have the following words or similar wording legibly printed on all copies of the sales draft, in capital letters at least ¼ inch high and in close proximity to the space provided for the cardholder’s signature or invoice being presented to the cardholder for signature:

--“NO REFUND, ALL SALES FINAL”—For any agency that does not accept merchandise in return or exchange and does not issue refunds to cardholders.

--“EXCHANGE ONLY”—For any agency that only accepts merchandise in immediate exchange for similar merchandise of a price equal to the amount of the original transaction.

--“IN-STORE CREDIT ONLY”—For any agency that accepts merchandise in return and delivers to the cardholder an in-store credit equal to the value of the merchandise returned that may be used only in the agency’s place(s) of business.

Section 7125—Cash Payment/Cash Disbursement/Cash Deposit

An agency may not receive any payments from a cardholder with respect to charges for merchandise and/or services that are included on a previous sales draft resulting from the use of a Card.

Agencies that accept PIN debit transactions may be required by certain networks to offer cashback services to cardholders. Except in connection with a PIN debit cashback transaction, an agency may not disburse cash to a cardholder and then process such activity as a Card sales transaction, nor may an agency process a money order or wire transfer transaction for a cardholder and then process such activity as a card sales transaction.

Agencies may not accept cash, checks, or other negotiable instruments from any cardholder and forward a credit through a National/International or Regional Network, as a payment of deposit to an account maintained by the cardholder.

Section 7130—Multiple Sales Drafts and Partial Consideration

An agency must not use two or more sales drafts originated by the use of a single Card for the purpose of avoiding authorization for the whole dollar amount. An agency must include all items of goods and/or services purchased in a single transaction in the total amount on a single sales draft, except in the following situations:

  • For purchases in separate departments of a multiple-department store; and
  • For partial payment transactions when the balance of the amount due is paid by the cardholder at the time of the transaction in cash, by check, with another Card, or any combination of these payment types.

Section 7135—Delivery of Sales Drafts

An agency must deliver to the cardholder a true and completed copy of the sales draft evidencing a transaction involving use of a Card. This copy must be delivered at the time of the delivery of the goods and/or performance of the services, or, for transactions initiated at POS terminals, at the time of the transaction. The cardholder must not be required to sign a sales draft until the final transaction amount is known and indicated in the “total” column. The sales draft must include the following information:

  • Truncated account number;
  • Truncated expiration date;
  • Name, city, and state of location;
  • Merchant number;
  • Sale amount;
  • Transaction date;
  • Payment brand (Visa, MasterCard, etc.);
  • Authorization code;
  • Space for cardholder to sign;
  • Balance of the cardholder’s prepaid account; and
  • Return policy (if restricted).

Agencies accepting eCommerce Card transactions also must include on the sales draft:

  • Transaction reference number;
  • Uniform Resource Locator (URL) where payment was made; and
  • Customer’s name.

All sales drafts must comply with the truncation requirements regarding Card numbers and expiration dates on receipts described in Section 7060.

Section 7140—Credit Drafts

An agency must not issue a credit when there is no corresponding charge. Agencies must ensure that the same information required to be provided on a sales draft (see Section 70135) is entered legibly on each credit draft.

Section 7145—Delivery of Non-electronic Sales Drafts and Credit Drafts (Short-Term Contingency Only)

A Card presented for payment must be swiped through a terminal. Agencies should not deliver non-electronic sales drafts and credit drafts to the Financial Agent.

Guidelines for authorizing transactions manually when the terminal cannot read the Card electronically, and when terminal connectivity is down, are provided in Section 7035.

Section 7150—Equipment, Supplies, and Third-Party Software

Agencies are responsible for purchasing POS terminals and related equipment and supplies. An agency may purchase terminals and supplies either directly from the Financial Agent or from another source of the agency’s choosing, provided that any terminal or device purchased by the agency meets the requirements of the Financial Agent and Fiscal Service. Agencies may contact the Financial Agent’s help desk or Fiscal Service Program Contact to obtain information about supported products and pricing. Agencies should check with the Financial Agent before purchasing equipment from a third party to ensure all requirements are met.

If an agency elects to purchase terminals or supplies from the Financial Agent, the Financial Agent generally provides the requested equipment and related supplies with same-day shipping for all equipment orders that are received by 3 p.m. ET and all supply orders that are received by 12 p.m. ET.

Each agency is directly responsible for the acquisition and cost of the POS terminals and related supplies and makes the payment directly and timely to the Financial Agent or third-party provider, as applicable. All costs for equipment ordered from the Financial Agent are quoted and must be approved by the agency before ordering.

If an agency elects to purchase terminals or supplies from the Financial Agent and payment is not made at the time of purchase with a credit card, the Financial Agent directly invoices the agency for such costs at the end of the month. Invoicing is done at the established account level for the agency with the Financial Agent, not at a location or merchant ID level. Agencies are responsible for providing billing contact information on their application and updating such information as necessary. An agency is required to pay the Financial Agent directly for any invoiced amounts within 30 calendar days of the receipt of an invoice.

An agency must seek a replacement terminal within three calendar days of its inability to process transactions and deposits. If the agency elects to seek a replacement for a broken terminal purchased from the Financial Agent, the Financial Agent will advise on a suitable replacement terminal. If a lower cost replacement terminal is provided, the agency must return the broken equipment to the Financial Agent within 30 calendar days and according to the instructions provided. Failure to return the equipment or failure to follow the correct instructions provided may result in the agency being charged for the full retail price of the equipment. All costs for equipment are quoted and must be approved by the agency before ordering.

Agencies also are responsible for any and all costs associated with the use of third-party software or applications for Card processing. An agency may purchase and use software or applications from a third- party source of the agency’s choosing, provided that it meets the requirements of the Financial Agent and Fiscal Service. Agencies may contact the Financial Agent or Fiscal Service Program Contact to obtain information about supported products or applications. Agencies are encouraged to evaluate using Pay.gov instead of third-party software or applications.

Agencies choosing to use third-party products or applications are responsible for costs associated with switching products or applications as directed by Fiscal Service in order to meet Fiscal Service’s or the Financial Agent’s processing requirements.

Fiscal Service may from time to time review the additional costs associated with processing of Card transactions and, at its discretion, decide to charge the agency through its Financial Agent. Fiscal Service will provide advance notification to agencies of any such changes. Such costs include, but are not limited to, communication fees and costs of agency-requested reporting or special connections.

In the event the agency fails to pay an amount owed under this section to the Financial Agent on a timely basis, Fiscal Service, in its sole discretion, may pay the Financial Agent the amount owed by the agency and the agency authorizes Fiscal Service to obtain equivalent funds from the agency via the IPAC system to reimburse Fiscal Service. In such event, Fiscal Service provides the agency with information supporting the IPAC transfer.

Section 7155—Intra-governmental Card Transactions

An intra-governmental Card transaction is defined as a sale of goods or services, or collection of other obligation by one government agency from another government agency using a government-issued Card. Agencies may accept Cards issued under the U.S. General Services Administration’s SmartPay contract for intra-governmental collections, if indicated on the agency application and approved in writing or via email by Fiscal Service.

Except in exceptional circumstances determined by Fiscal Service, each agency is solely responsible for all fees associated with processing the transaction, including interchange, processing fees and charges for intra-governmental transactions. Fiscal Service is not liable for any charges or cost incurred through an agency’s participation in an intra-governmental transaction. The Financial Agent directly invoices each agency for such fees and charges on a monthly basis. The agency pays the Financial Agent directly within 30 calendar days of the receipt of the invoice. In the event an agency fails to pay the Financial Agent on a timely basis, Fiscal Service, in its sole discretion, may pay the Financial Agent the amount owed by the agency and the agency authorizes Fiscal Service to obtain equivalent funds from the agency via the IPAC system to reimburse Fiscal Service. In such event, Fiscal Service provides the agency with information supporting the IPAC transfer. Failure to pay intra-governmental transactions may subject an agency to the CAS Program Non-Compliant Notice and Suspension of Service Process set forth in section 7090 of this chapter.

Fiscal Service reserves the right to require agencies to use the Fiscal Service’s Internet Payment Platform or IPAC to process intra-governmental transactions rather than allow these transactions to be conducted with a government-issued Card.


Direct questions regarding this chapter to:

Department of the Treasury
Bureau of the Fiscal Service
Settlement Services Division
3201 Pennsy Drive, Building E
Landover, MD 20785
Email: CardAcquiringService@fiscal.treasury.gov

Financial Agent Contact/Help Desk assistance, call 866-914-0558 


Summary of Updates

Section No.

Section Title

Summary of Change
Added verbiage and hyperlink redirecting readers to the TFM Glossary