Statutes, codes, and regulations
New Mexico Administrative Code
Title 2 - PUBLIC FINANCEChapter 60 - INVESTMENT AND DEPOSIT OF PUBLIC FUNDS
Part 8 - ACCEPTANCE OF PAYMENT CARDS AND USE OF ELECTRONIC FUND TRANSFERS
Section 2.60.8.9 - RESPONSIBILITIES FOR PAYMENT CARD ACCEPTANCE

N.M. Admin. Code § 2.60.8.9

Download
PDF
Current through Register Vol. 35, No. 23, December 10, 2024
Section 2.60.8.9 - RESPONSIBILITIES FOR PAYMENT CARD ACCEPTANCE
A. The fiscal agent shall provide payment card services, upon written request by the director of the board, to any agency so requesting subject to the terms and conditions set out in the fiscal agent agreement and individual payment card company agreements with the board.
B. The charge to an agency for payment card services will be the fee designated in the fiscal agent agreement or that set out in the approved third-party processor's agreement. The fiscal agent shall bill the appropriate agency through separate invoices for card processing fees and applicable treasury management fees, if any prepared by the fiscal agent in accordance with the relevant provisions of the fiscal agent agreement. At the end of each fiscal year, the fiscal agent shall submit a report to the board director summarizing the payment card fees and merchant equipment costs charged to each agency for that fiscal year. Each agency will be responsible for all fees as set out in any approved third-party processor's agreement with the agency. Each agency will ensure payments to service providers are timely and compliant with the service agreement.
C. Agencies may be assessed an incremental charge to cover the cost of compliance with payment card industry data security standards.
D. Agencies shall comply with the following payment card industry data security standards vendor management requirements:
(1) Maintain a current list of service providers handling cardholder data, including a description of the services provided;
(2) Maintain a written agreement with service providers that includes an acknowledgement that the service providers are responsible for the security of cardholder data that the service providers maintain in possession or otherwise store, process or transmit on behalf of the agency. The written agreement must also acknowledge any action or procedure that the provider undertakes that may impact the security of the agency's cardholder data environment;
(3) Establish and maintain a program to monitor the third-party service provider's payment card industry data security standards compliance status at least annually. This function will be performed by the State Treasurer's Office for services provided under the fiscal agent agreement;
(4) Maintain documentation describing which payment card industry data security standards requirements are managed by each service provider and which are managed by the agency. The State Treasurer's Office will maintain documentation regarding payment card industry data security standards requirements for payment card services provided by the fiscal agent; and
(5) Ensure compliance with any additional vendor management requirements mandated under subsequent releases of payment card industry data security standards requirements.

N.M. Admin. Code § 2.60.8.9

2.60.8.9 NMAC - N, 8-31-2000; A, 11-27-2003, Amended by New Mexico Register, Volume XXVI, Issue 15, August 14, 2015, eff. 8/14/2015, Amended by New Mexico Register, Volume XXIX, Issue 01, January 16, 2018, eff. 1/16/2018