Current through December 10, 2024
Rule 12-4-2.11 - Development/Hosting Options and Ultimate Responsibility for PCI-DSS and Fines and PenaltiesA. Through a contracted partnership with NIC and Mississippi Interactive (MSI), DFA now provides payment processing services through RFP 3564, Project Number 37577, Statement Of Work 001, Payment Processor Solution. MSI/NIC is the official "Merchant of Record" for payments processed online through the Common Checkout Page (CCP) and Transaction Processing Engine (TPE), reducing the PCI-DSS compliance responsibility for the State of Mississippi by locating the software and hardware for payment processing at NIC's PCI Compliant data center. Agency's will be responsible for training their employees on proper handling of credit card data should they receive it in any other manner outside of the NIC provided solution. This includes completing SAQ A attesting that they have outsourced all electronic processing and properly trained employees. *Please Note: CCP and TPE are components of NIC's PCI Compliant Payment Services that separate the state's online application from communicating directly with the payment processor.B. Responsibility for PCI-DSS continues for agencies that connect their applications to payment processors outside of TPE or CCP within in the state. Also, in the event that an application requires the manual handling or entry of credit card information by agency personnel, the agency is responsible for PCI compliance at the SAQ A level for all individuals within the agency processing those payments. For more information on PCI-DSS SAQ A, please visit: https://www.pcisecuritystandards.org/ .