Questions to ask any card processing provider before you sign on


General

    1. How long is the term of the contract?

    2. Can the court use other payment providers simultaneously, or is the contract exclusive?

    3. Is the court required to follow all of the rules and procedures of the various card brands, including Visa's operating regulations?

    4. Who pays the merchant account fees charged by the processor, Visa, MasterCard, etc.?

      1. If the court pays them, can the court use its own merchant account in order to be able to negotiate better fees?

    5. Will the court have its own merchant account/agreement, or is the provider a payment service provider (PSP) who aggregates transactions from multiple sponsored merchants (courts)?

      1. If the provider is a PSP, what is the maximum volume, for each card type/brand, that can be processed? As of June 2014, Visa's PSP rules limit the transaction volume allowed under the program to levels that many Judici courts are likely to exceed.

Security

    1. Do you use card swipers connected to a computer? If the answer is Yes, then:

      1. Do the swipers encrypt the card data so that the data is protected while passing through the computer? Some card readers pass the card number and other data to the computer in unencrypted plain text, just as a keyboard would. So:

        1. Courts and their I.T. staff need to take careful precautions to ensure that the computer never gets malware that logs all keyboard input. Keystroke loggers are widely available; ask anyone who's been spied on by a jealous spouse.

        2. You'd need to make sure that Clerk staff don't scan card data into some other program on the computer (Excel, an e-mail, etc.).

PCI compliance

If the court must follow all card brand rules, then the court has to be PCI compliant. All card types/brands require this, even if you don't take cards at the court. See Merchant compliance with PCI standards for more on this. And even if the provider is a PSP (see above), its contracts with its sponsored merchants are required to explicitly require the merchant to be PCI-compliant. So the following questions are appropriate:

    1. Is it necessary to install any software at the court? On what computer? This is to determine what hardware is in PCI scope.

    2. Which PCI Self-Assessment Questionnaire (SAQ) represents the court's obligations with respect to PCI compliance? Compare the answer to what you determine from a few basic questions here: https://sites.google.com/a/judici.com/courtsupport/3100#TOC-How-do-I-know-which-SAQ-applies-to-me-

    3. Does the payment processor provide tools to assist the court in ensuring that it meets its PCI obligation?

Convenience/service fees

    1. Do you charge an extra fee, on top of what is paid to the court?

    2. Do you charge such a fee when payment is accepted by the same payment clerk who handles cash and other payment forms?

    3. Do such fees vary depending on the payment amount, or are they a flat amount?

    4. If they vary, do you accept Visa for such payments?